Open Bug 399914 Opened 17 years ago Updated 2 years ago

Bad cert exception creation dialog should warn of existing exceptions

Categories

(Core :: Security: PSM, defect, P3)

People

(Reporter: nelson, Unassigned)

References

Details

(Whiteboard: [psm-backlog])

When a user goes into the cert manager's dialog to add/create an "exception" for a certificate that cannot be validated, and the site for which the exception would be created already has an exception, today, the user gets no warning, and (IINM) the new exception silently replaces the old one. IMO, the user should get some additional warning, telling him that he has previously approved another cert for this site, and the cert for which he is now creating a new exception does not match the one previously recorded for this site. In the world of KCM, changes to the accepted key (cert) for the remote server are the most serious, potentially most egregious, events that can be detected and reported to the user.
Flags: blocking1.9?
Flags: blocking1.9? → blocking1.9+
Priority: -- → P3
How should it work? Use different strings in the add exception dialog? Show a warning dialog box?
This is an edge case, and a danger case, so I see no need to be gentle here. What about a full stop? Leave the "Confirm Security Exception" button disabled, tell them that they already added a security exception for intranetlogin.company.com and that this site doesn't match. If they want to delete the old one and add the new one, super, but this should happen approximately never outside of an attack scenario afaict, so I think we can be onerous. Maybe if a corporate IT shop decided to stop using self-signed certs and centralize on an internal CA? Hmm, no, even there they would just get users to add and trust the internal CA, and no exception would need to be added. I'm at a loss for finding a legitimate case that we'd be hurting here. Self-signed certs cut with short expiry dates? Switching from self-signed cert to a CA-signed, but domain mismatched cert? Nothing really plausible is leaping to mind.
A legitimate case would be: Network appliance which has a built-in cert, maybe based on its serial number. Network appliance uses network-switch-based DHCP to automatically obtain its IP address. Someone changes the network cables of two appliances, resulting in both machines having a different IP but a different cert.
My example can probably be summarized as: Network appliance replaced with a different physical device.
Flags: wanted1.9.0.x+
Flags: wanted-next+
Flags: tracking1.9+
reassign bug owner. mass-update-kaie-20120918
Assignee: kaie → nobody
Severity: normal → S3