Open Bug 471150 Opened 13 years ago Updated 3 years ago
Installation of Personal Certificate Should Suggest Setting a Master Password
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:184.108.40.206) Gecko/2008092416 Firefox/3.0.3 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:220.127.116.11) Gecko/2008092416 Firefox/3.0.3 When a personal certificate is installed in Firefox and no master password is set (default), then Firefox stores the certificate without issuing a warning that the certificate is unprotected or any suggestion to set a master password. This happens even when Firefox is set to not "Remember passwords for sites". Reproducible: Always Steps to Reproduce: 1. Disable "Master Password" if it is set. 2. Disable "Remember passwords for sites". 3. Load a personal certificate. Actual Results: Certificate is installed and stored. Expected Results: A security warning.
This should be in PSM.
Assignee: nobody → kaie
Severity: normal → enhancement
Component: Security → Security: UI
Product: Firefox → Core
QA Contact: firefox → ui
Version: unspecified → Trunk
0. supposing a user decides to collect certificates... 1. the first time they are offered a certificate, firefox/thunderbird offer to let the user set a master password. 2. suppose the user declines. 3a. what happens if a minute later the user is offered a second certificate? 4a. should the user be offered to again set a master password? 3b. suppose you answered no to 4a. suppose the user deletes the certificate installed near 2. 4b. suppose the user is offered another certificate. 5b. should the user be offered to set the master password now? something like this could be implemented. but i won't implement it without a spec and a justification for the answer to the questions (4a, 5b) i'm asking here.
Assignee: kaie → johnath
OS: Linux → All
Hardware: x86 → All
Component: Security: UI → Security: PSM
Priority: -- → P5
Whiteboard: [psm-cert-manager] → [psm-cert-manager][psm-clientauth]
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
You need to log in before you can comment on or make changes to this bug.