Closed
Bug 574730
Opened 14 years ago
Closed 11 years ago
Inaccurate explanation of the term 'signature'
Categories
(www.mozilla.org :: Pages & Content, defect)
www.mozilla.org
Pages & Content
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: eus, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.19) Gecko/2010040116 Ubuntu/9.04 (jaunty) Firefox/3.0.19 Build Identifier: Since a certificate can mean a public key certificate or a personal certificate, I propose that the word 'certificate' used in the paragraph is replaced with 'personal certificate' for the sake of clarity (i.e., we sign digital objects using a private key not a public key certificate). Reproducible: Always Steps to Reproduce: 1. Just visit the URL. Actual Results: [Unclear whether certificate means public key certificate or personal certificate] Signature By using a certificate, a developer can sign a web page and its associated code. A signing program, like Netscape's SignTool first compresses the files to be signed. The program uses the user's certificate to generate a signature unique to the user and the signed files. This signature is included with the files in a JAR file. If the contents of the JAR file are modified after signing, the user's browser will be able to tell, and the signature will be invalid. Expected Results: [It is clear that one can sign digital objects using the private key contained in a personal certificate] Signature By using a personal certificate, a developer can sign a web page and its associated code. A signing program, like Netscape's SignTool first compresses the files to be signed. The program uses the user's personal certificate to generate a signature unique to the user and the signed files. This signature is included with the files in a JAR file. If the contents of the JAR file are modified after signing, the user's browser will be able to tell, and the signature will be invalid.
Reporter | ||
Comment 1•14 years ago
|
||
Since the term 'Personal Certificate' is used to mean the certificate that is intended for personal usage as opposed to a corporate usage [1,2], I propose that the words 'sign with a certificate' are either replaced with 'sign with the private key of the corresponding certificate' or simply dropped. So, here is how the expected result should be: Signature By using the corresponding private key of the public key contained in a certificate, a developer can sign a web page and its associated code. A signing program, like Netscape's SignTool first compresses the files to be signed. The program uses the private key to generate a signature unique to the user and the signed files. This signature is included with the files in a JAR file. If the contents of the JAR file are modified after signing, the user's browser will be able to tell, and the signature will be invalid. [1] http://security.fnal.gov/pki/what_is_cert.html#personal [2] http://fiatlux.zeitform.info/en/instructions/wot.html
Comment 2•12 years ago
|
||
Closing old Mozilla.org website bugs due to them not being relevant to the new Python-based Bedrock system. Re-open if this is a critical bug and should be resolved on the new system too.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Comment 3•12 years ago
|
||
I'm not sure how in the world this bug would've been fixed by some "Bedrock" system.
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: WONTFIX → ---
Comment 4•12 years ago
|
||
Hi Samuel. It is indirectly related to Bedrock and Bedrock is just the code name for www.mozilla.org implementation of Django. The content for this bug needs to be moved to another location and that does not make this bug invalid. In the future, www.mozilla.org will be all Bedrock. Yes, this is not fixed, but this is a bigger discussion that needs to happen on where this content should go.
Assignee | ||
Updated•12 years ago
|
Component: www.mozilla.org → General
Product: Websites → www.mozilla.org
Comment 5•11 years ago
|
||
This page has been archived some time ago.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 11 years ago
Component: General → Pages & Content
OS: Linux → All
Hardware: x86 → All
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•