CA:MaintenanceAndEnforcement: Difference between revisions

Line 128: Line 128:
** Possible Scenario: A cross-signing relationship is overlooked, so the malicious certificate continues to be trusted even after the security update.
** Possible Scenario: A cross-signing relationship is overlooked, so the malicious certificate continues to be trusted even after the security update.
** Possible Solution: {{Bug|808839}} - Ability to Actively Distrust all certs with a particular Subject.
** Possible Solution: {{Bug|808839}} - Ability to Actively Distrust all certs with a particular Subject.
* The Certificate Manager does not recognize the "distrust" flag, so there is no distinction in the user interface between Actively Distrusted certificates and all other certificates. Additionally, users can manually turn on the trust bits for Actively Distrusted certificates.
* The Certificate Manager does not recognize the "distrust" flag, so there is no distinction in the user interface between certificates that have been Actively Distrusted in NSS and all other certificates. The distrusted certificate(s) should also be added to OneCRL, so the certificate(s) will still be distrusted even if the user manually turns on the trust bits for Actively Distrusted certificates.  
** Possible Scenario: A user gets an error message that a website they browsed to is untrusted. They open the Certificate Manager and turn on the trust bits for an Actively Distrusted cert. This change is permanent until the user manually restores the default root settings or turns off the trust bits for that cert. So at some later date the user could accidentally browse to the corresponding malicious website and the site will appear to be trusted.
** Possible Solutions: {{Bug|470994}}, {{Bug|733716}}. For Actively Distrusted certs, remove the cert entry from the NSS built-in cert list, and only keep the (dis)trust entry.
** Possible Solutions: {{Bug|470994}}, {{Bug|733716}}. For Actively Distrusted certs, remove the cert entry from the NSS built-in cert list, and only keep the (dis)trust entry.
* If the certificate to be Actively Distrusted is used by a large portion of the internet population, immediately distrusting the certificate could make many high-traffic websites no longer be reachable, giving the appearance of a large network outage, or users might take actions (such as permanently trusting the bad cert) to bypass error messages.  
* If the certificate to be Actively Distrusted is used by a large portion of the internet population, immediately distrusting the certificate could make many high-traffic websites no longer be reachable, giving the appearance of a large network outage, or users might take actions (such as permanently trusting the bad cert) to bypass error messages.  
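Review bot: The revised Certificate Manager bullet embeds a mitigation ("should also be added to OneCRL") in the problem statement, while the "Possible Solutions" line under it still lists only Bug 470994 and Bug 733716. Move the OneCRL recommendation into "Possible Solutions" so the item keeps the problem / scenario / solution layout of the neighbouring entries. If the "Possible Scenario" sub-bullet about a user turning the trust bits back on is kept, it should state whether the site would still "appear to be trusted" once the certificate is in OneCRL, since the new sentence says the certificate remains distrusted in that case. The rewritten sentence also repeats "for Actively Distrusted certificates" at its end and leaves trailing whitespace; both can be trimmed.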