User-added CAs should be able to specify a domain for which they are trusted

UNCONFIRMED
Unassigned

Status

()

P5
enhancement
UNCONFIRMED
5 years ago
2 years ago

People

(Reporter: andy, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [psm-backlog])

(Reporter)

Description

5 years ago
I just imported a CA certificate (the Fedora project's certificate).  Firefox asked me what I want to trust that certificate for.

I want to trust it to identify websites that are subdomains of fedoraproject.org.  Please let me do that.
Component: Preferences → Security: UI
Product: Firefox → Core
I'd like this ability as well, please.  It is related to bug 1168603, an attempt to minimize the damage that a user-installed CA can do.
(Reporter)

Comment 2

4 years ago
This could be useful for more than just user-installed certificates.  Just because X.509 name constraints are mostly useless doesn't mean that Firefox couldn't eventually restrict some of its trusted root CAs to subsets of the global DNS namespace.
Component: Security: UI → Security: PSM
Priority: -- → P5
Whiteboard: [psm-backlog]
You need to log in before you can comment on or make changes to this bug.