Bug 399914: Bad cert exception creation dialog should warn of existing exceptions
Status: NEW (Open)
Opened 17 years ago, updated 2 years ago
Categories: Core :: Security: PSM, defect, P3
Reporter: nelson; Unassigned
Whiteboard: [psm-backlog]
When a user goes into the cert manager's dialog to add/create an "exception" for a certificate that cannot be validated, and the site for which the exception would be created already has an exception, today the user gets no warning, and (IINM) the new exception silently replaces the old one.

IMO, the user should get some additional warning, telling him that he has previously approved another cert for this site, and that the cert for which he is now creating a new exception does not match the one previously recorded for this site.

In the world of KCM, changes to the accepted key (cert) for the remote server are the most serious, potentially most egregious, events that can be detected and reported to the user.
Updated•17 years ago
Flags: blocking1.9?
Updated•17 years ago
Flags: blocking1.9? → blocking1.9+
Updated•17 years ago
Priority: -- → P3
Comment 1•17 years ago
How should it work?
Use different strings in the add exception dialog?
Show a warning dialog box?
Comment 2•17 years ago
This is an edge case, and a danger case, so I see no need to be gentle here. What about a full stop? Leave the "Confirm Security Exception" button disabled, tell them that they already added a security exception for intranetlogin.company.com and that this site doesn't match. If they want to delete the old one and add the new one, super, but this should happen approximately never outside of an attack scenario afaict, so I think we can be onerous.
Maybe if a corporate IT shop decided to stop using self-signed certs and centralize on an internal CA? Hmm, no, even there they would just get users to add and trust the internal CA, and no exception would need to be added. I'm at a loss for finding a legitimate case that we'd be hurting here. Self-signed certs cut with short expiry dates? Switching from self-signed cert to a CA-signed, but domain mismatched cert? Nothing really plausible is leaping to mind.
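The check the report asks for, as an added illustration that is not Firefox/PSM code: a small exception (override) store keyed by host:port that classifies a proposed exception as new, unchanged, or a mismatch against the previously accepted cert, and refuses to overwrite silently on a mismatch, in the spirit of comment 2's "full stop". The host name and certificate bytes are constructed placeholders.

```python
# Added example (not Firefox/PSM code): models the cert-exception (override)
# store the bug discusses, with the missing "existing exception" check.
# Host names and certificate bytes below are constructed placeholders.
import hashlib
from dataclasses import dataclass, field

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon-separated hex."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

@dataclass
class ExceptionStore:
    # key "host:port" -> fingerprint of the certificate the user accepted
    overrides: dict = field(default_factory=dict)

    def check(self, host: str, port: int, cert_der: bytes) -> str:
        """Classify a proposed exception before the dialog lets it through.

        'new'       - no exception recorded for this site yet
        'unchanged' - the recorded exception already covers this exact cert
        'mismatch'  - a different cert was previously accepted for this site
        """
        key = f"{host}:{port}"
        old = self.overrides.get(key)
        new = fingerprint(cert_der)
        if old is None:
            return "new"
        return "unchanged" if old == new else "mismatch"

    def add(self, host, port, cert_der, *, replace=False) -> str:
        """Record an exception. On 'mismatch', refuse unless the caller
        explicitly asked to replace the old one (the 'full stop' from
        comment 2) instead of silently overwriting it."""
        status = self.check(host, port, cert_der)
        if status == "mismatch" and not replace:
            raise ValueError(
                f"an exception already exists for {host}:{port} with fingerprint "
                f"{self.overrides[f'{host}:{port}']}; new cert "
                f"{fingerprint(cert_der)} does not match")
        self.overrides[f"{host}:{port}"] = fingerprint(cert_der)
        return status

if __name__ == "__main__":
    store = ExceptionStore()
    store.add("intranetlogin.company.com", 443, b"constructed cert A")
    print(store.check("intranetlogin.company.com", 443, b"constructed cert B"))  # mismatch
```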
Comment 3•17 years ago
A legitimate case would be:
Network appliance which has a built in cert, maybe based on its serial number.
Network appliance uses network-switch-based DHCP to automatically obtain its IP address.
Someone changes the network cables of two appliances, resulting in both machines having a different IP but different cert.
Comment 4•17 years ago
My example can probably be summarized as: Network appliance replaced with a different physical device.
Updated•17 years ago
Flags: wanted1.9.0.x+
Flags: wanted-next+
Flags: tracking1.9+
Whiteboard: [psm-backlog]
Updated•2 years ago
Severity: normal → S3