[TrustBar] Feature request

Ram A M ram0502 at gmail.com
Wed Mar 9 09:19:17 EST 2005


Amir,

Thanks for the reply.

I am looking for a new option in the dialog box. Specifically when I
reach a site whose certificate is trusted by the browser software but
whose root CA policies do not meet my criteria for ecommerce I wish to
be able to tell TrustBar that I trust that site certificate explicitly
but I still want to be prompted when presented different certificates
anchored in the same root CA.

To illustrate by example consider the case of a website that uses TLS
to protect access to the site - perhaps they wish to use the opacity
feature of TLS to enable a protected username / password login. I may
decide that while the CA that issued that certificate isn't high
enough quality for me to trust them to identify my bank I may be ok
with trusting them to identify this particular site. In this scenario
I don't want to face the trust dialog box each session with the site
but I also don't want to ever trust that root CA without evaluating
the risk for myself.

ram


On Wed, 09 Mar 2005 17:44:52 +0200, Amir Herzberg
<herzbea at macs.biu.ac.il> wrote:
> Ram: do you mean you want TrustBar to help with a site certified by a CA
> not in the list of trusted CAs in the browser? I'm not sure this is a
> good idea - this will make TrustBar change an internal browser control.
> 
> Or, do you mean, that when you reach a site whose cert is signed by a CA
> which you don't fully trust, you want to tell TrustBar `ok, use this
> cert, but don't automatically trust this CA`? If this is what you mean,
> then this option already exists; in the dialog, you simply select `trust
> this identification by...` (name of CA). In fact, this is supposed to
> (become/be) the default.
> 
> Is this what you wanted? Do you think we should change the text?
> 
> Thanks, Amir Herzberg
> 
> Ram A M wrote:
> > Hey there,
> >
> > Thought I'd drop in a feature request as I've found myself in need.
> > I'd like to see an additional button/feature in the trustbar pop-up
> > "trust this cert only." This would have the equivalent effect to
> > installing that cert into the local trust store (root list). The value
> > to the user is to enable trusting of SSL for a not particularly
> > sensitive site that has a cert issued by a CA I'd rather not trust for
> > banking.
> >
> > What do you think?
> >
> > ram
> > _______________________________________________
> > TrustBar mailing list
> > TrustBar at mozdev.org
> > http://mozdev.org/mailman/listinfo/trustbar
> >
> > .
> >
>
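
Added example (not part of the original thread and not TrustBar code): a
sketch of the decision logic behind the requested "trust this cert only"
option, where acceptance is keyed on the host and the certificate
fingerprint instead of on the issuing CA. The class and method names, CA
names, hosts and fingerprints are all hypothetical, constructed values.

```javascript
// Hypothetical trust store: per-CA trust and per-site certificate trust
// are kept apart, so accepting one certificate never promotes its CA.
function normalize(fp) {
  // Compare fingerprints without separators or case differences.
  return fp.replace(/[:\s]/g, "").toLowerCase();
}

class TrustStore {
  constructor() {
    this.trustedCAs = new Set(); // CAs the user accepts for any site
    this.pinned = new Map();     // host -> Set of accepted leaf fingerprints
  }
  trustCA(caName) { this.trustedCAs.add(caName); }
  trustCertOnly(host, fingerprint) {
    const key = host.toLowerCase();
    if (!this.pinned.has(key)) this.pinned.set(key, new Set());
    this.pinned.get(key).add(normalize(fingerprint));
  }
  // conn: { host, fingerprint, issuerCA } as seen on the current connection
  decide(conn) {
    const pins = this.pinned.get(conn.host.toLowerCase());
    if (pins && pins.has(normalize(conn.fingerprint))) return "accept:pinned-cert";
    if (this.trustedCAs.has(conn.issuerCA)) return "accept:trusted-ca";
    // The CA is not trusted by the user: either this host now presents a
    // certificate other than the one accepted, or no decision exists yet.
    return pins ? "prompt:cert-changed" : "prompt:untrusted-ca";
  }
}

function demo() {
  const store = new TrustStore();
  store.trustCA("Example Bank-Grade CA");                    // constructed name
  store.trustCertOnly("forum.example", "AA:11:BB:22:CC:33"); // constructed value
  return [
    // Same site, same certificate: no dialog on later sessions.
    store.decide({ host: "forum.example", fingerprint: "aa11bb22cc33", issuerCA: "Example Budget CA" }),
    // Same site, different certificate from the same CA: prompt again.
    store.decide({ host: "forum.example", fingerprint: "DD:44:EE:55:FF:66", issuerCA: "Example Budget CA" }),
    // Different site under the same CA: the earlier decision does not carry over.
    store.decide({ host: "shop.example", fingerprint: "01:02:03:04:05:06", issuerCA: "Example Budget CA" }),
    // Site under a CA the user does trust: accepted on the CA's word.
    store.decide({ host: "bank.example", fingerprint: "0A:0B:0C:0D:0E:0F", issuerCA: "Example Bank-Grade CA" }),
  ];
}

console.log(demo());
```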

