Open Bug 953322 Opened 11 years ago Updated 2 years ago

User-added CAs should be able to specify a domain for which they are trusted

Categories

(Core :: Security: PSM, enhancement, P5)

x86_64
Linux
enhancement

Tracking

UNCONFIRMED

People

(Reporter: andy, Unassigned)

Details

(Whiteboard: [psm-backlog])

I just imported a CA certificate (the Fedora project's certificate).  Firefox asked me what I want to trust that certificate for.

I want to trust it to identify websites that are subdomains of fedoraproject.org.  Please let me do that.

Component: Preferences → Security: UI
Product: Firefox → Core

I'd like this ability as well, please.  It is related to bug 1168603, an attempt to minimize the damage that a user-installed CA can do.

This could be useful for more than just user-installed certificates.  Just because X.509 name constraints are mostly useless doesn't mean that Firefox couldn't eventually restrict some of its trusted root CAs to subsets of the global DNS namespace.

Component: Security: UI → Security: PSM
Priority: -- → P5
Whiteboard: [psm-backlog]
Severity: normal → S3
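
An added illustration, not part of the bug thread and not Firefox or PSM code: one way the requested per-CA domain scoping could be checked, using the RFC 5280 dNSName subtree rule (a name is in scope if it equals the base or adds whole labels to its left). The CA labels and the `CA_SCOPE` table are constructed assumptions.

```python
def _labels(name, allow_wildcard=False):
    """Split a DNS name into lowercase labels; reject malformed input."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]                      # drop a single root dot
    labels = name.split(".")
    if not name or any(not label for label in labels):
        raise ValueError(f"not a DNS name: {name!r}")
    for i, label in enumerate(labels):
        # "*" is accepted only as the whole leftmost label of a cert name
        if "*" in label and not (allow_wildcard and i == 0 and label == "*"):
            raise ValueError(f"unexpected wildcard: {name!r}")
    return labels

def in_subtree(host, base):
    """True if host is base itself or base with labels added on the left."""
    h, b = _labels(host, allow_wildcard=True), _labels(base)
    return len(h) >= len(b) and h[-len(b):] == b

# Constructed policy: hypothetical CA label -> domains the user trusts it for.
# None means the CA is not restricted.
CA_SCOPE = {
    "user-added-fedora-ca": ["fedoraproject.org"],
    "unrestricted-root": None,
}

def ca_may_vouch_for(ca_id, cert_dns_names):
    """Fail closed: every DNS name in the certificate must be in scope."""
    if ca_id not in CA_SCOPE:
        return False                          # unknown CA: no trust
    scope = CA_SCOPE[ca_id]
    if scope is None:
        return True
    if not cert_dns_names:
        return False                          # nothing to match against
    try:
        return all(any(in_subtree(n, base) for base in scope)
                   for n in cert_dns_names)
    except ValueError:
        return False                          # malformed name: reject
```

Matching on label boundaries rather than string suffixes keeps a look-alike such as `evilfedoraproject.org` out of scope, and checking every name stops an out-of-scope name from riding along with an in-scope one.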