Open Bug 953323 Opened 11 years ago Updated 2 years ago

The add-a-CA UI should not allow enabling trust bits unrelated to the app

Categories

(Core :: Security: PSM, enhancement, P3)

People

(Reporter: andy, Unassigned)

Details

(Whiteboard: [psm-backlog])

I just imported a CA certificate (the Fedora project's certificate). Firefox asked me what I want to trust that certificate for. The questions are unclear.

Choice 1: Trust it to identify websites? This one makes sense.

Choice 2: Trust it to identify email users? What the *!&@ does that mean? This is Firefox, not Thunderbird.

Choice 3: Trust it to identify software developers? Seriously? Does this mean that I would trust this CA to grant privilege to people's software? Does this mean that I would trust this CA to tell me who wrote Firefox add-ons? Why are you asking me this question?

(I'm not saying that #2 and #3 shouldn't be there. I'm saying that the descriptions could be a lot clearer.)

I suspect that these are actually related to X.509 constraints. These constraints are, alas, *completely irrelevant* to a web browser, as far as I know. CAs are either allowed to sign HTTPS certificates (or intermediate CAs) or they are not. That should be all.
Component: Preferences → Security: UI
Product: Firefox → Core
Thanks for filing the bug. The UI in question is shared by Firefox, Thunderbird, etc., which is why stuff like e-mail trust shows up even in Firefox.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: x86_64 → All
Summary: The add-a-CA UI is confusing → The add-a-CA UI should not allow enabling trust bits unrelated to the app
Component: Security: UI → Security: PSM
Priority: -- → P3
Whiteboard: [psm-backlog]
Severity: normal → S3