(Initial commit) |
|||
| Line 21: | Line 21: | ||
This workflow is complicated, however, by the need to have the cert stored locally on the file system before it can be imported. To simplify that process, {{bug|387480}} has been opened to track the introduction of support for network-fetching a certificate, which will then be validated on the spot, and any issues called out. For certificates with non-fatal errors, a certificate fetched through this UI can be added to the list of exceptions, whereupon pages will load as before. | This workflow is complicated, however, by the need to have the cert stored locally on the file system before it can be imported. To simplify that process, {{bug|387480}} has been opened to track the introduction of support for network-fetching a certificate, which will then be validated on the spot, and any issues called out. For certificates with non-fatal errors, a certificate fetched through this UI can be added to the list of exceptions, whereupon pages will load as before. | ||
=== Host/Port Specificity === | |||
Exceptions which are added in this manner will be stored as a cert/host/port triple. This prevents a trojan self-signed certificate, issued against multiple domains, from getting itself trusted in an innocuous context and then exploiting the trust to masquerade as a target site. | |||
=== Revoked Certificates === | === Revoked Certificates === | ||
Revoked certificates are already handled by an error page, after the landing of | Revoked certificates are already handled by an error page, after the landing of | ||
{{bug|107491}}, as are all full-stop errors in NSS. They are not handled by the other bugs mentioned on this page. | {{bug|107491}}, as are all full-stop errors in NSS. They are not handled by the other bugs mentioned on this page. | ||
== Motivations & Objections == | == Motivations & Objections == | ||
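Review bot: In the "Host/Port Specificity" paragraph, "added in this manner" has no antecedent inside its own section. It relies on the preceding paragraph about fetching a certificate through the UI, so it is unclear whether exceptions created by importing a locally stored cert are also bound to a cert/host/port triple. Suggest naming the workflows this covers, and stating how the cert element of the triple is identified and what happens when the same host and port later present a different certificate, since the masquerade argument in the second sentence depends on that match being exact.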