Closed Bug 576091 Opened 15 years ago Closed 15 years ago

unknown server certificates should - if accepted - not be made permanent per default

Categories

(Firefox :: Security, enhancement)

enhancement
Not set
normal

RESOLVED DUPLICATE of bug 410240

People

(Reporter: calestyo, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100623 Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.6) Gecko/20040206 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100623 Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.6) Gecko/20040206 Firefox/1.0.1

Hi.

May I, for security reasons, suggest that if a user gets the well-known dialog when accessing an https site for which the certificate is not yet trusted somehow, the "Permanently store this exception" check box should be unchecked per default.

One often accesses SSL sites which cannot be "trusted" (at least from the Firefox point of view), but this is often no problem, as one does not intend to enter or rely on any secured information anyway.

However, per default the checkbox "Permanently store this exception" in the exception dialog is enabled, which, I guess, is bad for security reasons (as it would be permanent).

Thanks,
Chris.

Reproducible: Always

Steps to Reproduce:
1. Open a site using SSL, for which the root-cert is not trusted
2. Make an exception...

Actual Results:
See that the "make it permanent" checkbox is already activated

Expected Results:
The default should be not to make the exception permanent. (But only for accepting server certs - for the chosen client cert, this is quite useful.)

Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE