Inaccurate explanation of the term 'signature'

RESOLVED WONTFIX

Status

www.mozilla.org
Pages & Content
RESOLVED WONTFIX
8 years ago
4 years ago

People

(Reporter: Tadeus Prastowo, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.19) Gecko/2010040116 Ubuntu/9.04 (jaunty) Firefox/3.0.19
Build Identifier: 

Since a certificate can mean a public key certificate or a personal certificate, I propose that the word 'certificate' used in the paragraph is replaced with 'personal certificate' for the sake of clarity (i.e., we sign digital objects using a private key not a public key certificate).

Reproducible: Always

Steps to Reproduce:
1. Just visit the URL.
Actual Results:  
[Unclear whether certificate means public key certificate or personal certificate]

Signature
    By using a certificate, a developer can sign a web page and its associated code. A signing program, like Netscape's SignTool first compresses the files to be signed. The program uses the user's certificate to generate a signature unique to the user and the signed files. This signature is included with the files in a JAR file. If the contents of the JAR file are modified after signing, the user's browser will be able to tell, and the signature will be invalid.

Expected Results:  
[It is clear that one can sign digital objects using the private key contained in a personal certificate]

Signature
    By using a personal certificate, a developer can sign a web page and its associated code. A signing program, like Netscape's SignTool first compresses the files to be signed. The program uses the user's personal certificate to generate a signature unique to the user and the signed files. This signature is included with the files in a JAR file. If the contents of the JAR file are modified after signing, the user's browser will be able to tell, and the signature will be invalid.
(Reporter)

Comment 1

8 years ago
Since the term 'Personal Certificate' is used to mean the certificate that is
intended for personal usage as opposed to a corporate usage [1,2], I propose
that the words 'sign with a certificate' are either replaced with 'sign with
the private key of the corresponding certificate' or simply dropped.

So, here is how the expected result should be:

Signature
    By using the corresponding private key of the public key contained in a certificate, a developer can sign a web page and its associated
code. A signing program, like Netscape's SignTool first compresses the files to
be signed. The program uses the private key to generate a signature
unique to the user and the signed files. This signature is included with the
files in a JAR file. If the contents of the JAR file are modified after
signing, the user's browser will be able to tell, and the signature will be
invalid.

[1] http://security.fnal.gov/pki/what_is_cert.html#personal
[2] http://fiatlux.zeitform.info/en/instructions/wot.html

Comment 2

6 years ago
Closing old Mozilla.org website bugs due to them not being relevant to the new Python-based Bedrock system. Re-open if this is a critical bug and should be resolved on the new system too.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX

Comment 3

6 years ago
I'm not sure how in the world this bug would've been fixed by some "Bedrock" system.
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: WONTFIX → ---

Comment 4

6 years ago
Hi Samuel. It is indirectly related to Bedrock and Bedrock is just the code name for www.mozilla.org implementation of Django. The content for this bug needs to be moved to another location and that does not make this bug invalid. In the future, www.mozilla.org will be all Bedrock.

Yes, this is not fixed, but this is a bigger discussion that needs to happen on where this content should go.
(Assignee)

Updated

6 years ago
Component: www.mozilla.org → General
Product: Websites → www.mozilla.org
This page has been archived some time ago.
Status: REOPENED → RESOLVED
Last Resolved: 6 years ago4 years ago
Component: General → Pages & Content
OS: Linux → All
Hardware: x86 → All
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.