CA:MaintenanceAndEnforcement: Difference between revisions

* The Certificate Manager does not recognize the "distrust" flag, so there is no distinction in the user interface between Actively Distrusted certificates and all other certificates. Additionally, users can manually turn on the trust bits for Actively Distrusted certificates.  
** Possible Scenario: A user gets an error message that a website they browsed to is untrusted. They open the Certificate Manager and turn on the trust bits for an Actively Distrusted cert. This change is permanent until the user manually restores the default root settings or turns off the trust bits for that cert. So at some later date the user could accidentally browse to the corresponding malicious website and the site will appear to be trusted.
** Possible Solutions: {{Bug|470994}}, {{Bug|733716}}
* Distrusting a certificate requires a release to the NSS root module and to Firefox, and users have to choose to upgrade to the new version.  
** Possible Scenario: An end user decides not to update their version of Firefox, so they continue to trust the certificate, somehow browse to the corresponding malicious website, and the website is shown as trusted.
** Possible Solutions: {{Bug|647868}} or https://wiki.mozilla.org/Security/Features/Cert_Blocklist_via_Update_Ping