Open Bug 953322 Opened 11 years ago Updated 2 years ago

User-added CAs should be able to specify a domain for which they are trusted

Categories

(Core :: Security: PSM, enhancement, P5)

x86_64
Linux
enhancement

Tracking

()

UNCONFIRMED

People

(Reporter: andy, Unassigned)

Details

(Whiteboard: [psm-backlog])

I just imported a CA certificate (the Fedora project's certificate). Firefox asked me what I want to trust that certificate for. I want to trust it to identify websites that are subdomains of fedoraproject.org. Please let me do that.
Component: Preferences → Security: UI
Product: Firefox → Core
I'd like this ability as well, please. It is related to bug 1168603, an attempt to minimize the damage that a user-installed CA can do.
This could be useful for more than just user-installed certificates. Just because X.509 name constraints are mostly useless doesn't mean that Firefox couldn't eventually restrict some of its trusted root CAs to subsets of the global DNS namespace.
Component: Security: UI → Security: PSM
Priority: -- → P5
Whiteboard: [psm-backlog]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.