[TrustBar] Feature request

Ram A M ram0502 at gmail.com
Wed Mar 9 20:44:47 EST 2005


Amir, I was using trustbar 0.3 - I uninstalled and installed 0.3.1 to
double check my statement.

<herzbea at cs.biu.ac.il> wrote:
> Ram, that's exactly what the `trust only this identification` option in
> the dialog is supposed to do and convey... doesn't it work for you?

It does not. For example if I visit (
https://addons.update.mozilla.org/ ) and choose the third option in
trustbar (trust $CA_NAME for this site) the next time I visit that
site I still get the trustbar pop-up; what I think is best is a fourth
option that makes this indication permanent (i.e. until the particular
Server ID is replaced). Perhaps this is an incompatibility with
another extension I am using?

kind regards,
ram



> 
> Best, Amir
> 
> Ram A M wrote:
> > Amir,
> >
> > Thanks for the reply.
> >
> > I am looking for a new option in the dialog box. Specifically when I
> > reach a site whose certificate is trusted by the browser software but
> > whose root CA policies do not meet my criteria for ecommerce I wish to
> > be able to tell trustbar that I trust that site certificate explicitly
> > but I still want to be prompted when presented different certificates
> > anchored in the same root CA.
> >
> > To illustrate by example consider the case of a website that uses TLS
> > to protect access to the site - perhaps they wish to use the opacity
> > feature of TLS to enable a protected username / password login. I may
> > decide that while the CA that issued that certificate isn't high
> > enough quality for me to trust them to identify my bank I may be ok
> > with trusting them to identify this particular site. In this scenario
> > I don't want to face the trust dialog box each session with the site
> > but I also don't want to ever trust that root CA without evaluating
> > the risk for myself.
> >
> > ram
> >
> >
> > On Wed, 09 Mar 2005 17:44:52 +0200, Amir Herzberg
> > <herzbea at macs.biu.ac.il> wrote:
> >
> >>Ram: do you mean you want TrustBar to help with a site certified by a CA
> >>not in the list of trusted CAs in the browser? I'm not sure this is a
> >>good idea - this will make TrustBar change an internal browser control.
> >>
> >>Or, do you mean, that when you reach a site whose cert is signed by a CA
> >>which you don't fully trust, you want to tell TrustBar `ok, use this
> >>cert, but don't automatically trust this CA`? If this is what you mean,
> >>then this option already exists; in the dialog, you simply select `trust
> >>this identification by...` (name of CA). In fact, this is supposed to
> >>(become/be) the default.
> >>
> >>Is this what you wanted? Do you think we should change the text?
> >>
> >>Thanks, Amir Herzberg
> >>
> >>Ram A M wrote:
> >>
> >>>Hey there,
> >>>
> >>>Thought I'd drop in a feature request as I've found myself in need.
> >>>I'd like to see an additional button/feature in the trustbar pop-up
> >>>"trust this cert only." This would have the equivalent effect to
> >>>installing that cert into the local trust store (root list). The value
> >>>to the user is to enable trusting of SSL for a not particularly
> >>>sensitive site that has a cert issued by a CA I'd rather not trust for
> >>>banking.
> >>>
> >>>What do you think?
> >>>
> >>>ram
> >>>_______________________________________________
> >>>TrustBar mailing list
> >>>TrustBar at mozdev.org
> >>>http://mozdev.org/mailman/listinfo/trustbar
> >>>
> >>>.
> >>>
> >>
>
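
The behaviour requested in this thread (accept one site's certificate permanently, but ask again when the same CA presents a different certificate) is sketched below as an added example; it is not part of the original messages and is not TrustBar's code. The class, method and CA names are hypothetical, and the byte strings are constructed stand-ins for DER-encoded certificates.

```python
import hashlib

# Decisions the trust-dialog logic can return (hypothetical names).
TRUSTED, PROMPT = "trusted", "prompt"

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded server certificate."""
    return hashlib.sha256(cert_der).hexdigest()

class SiteCertStore:
    """Remembers, per host, the one server certificate the user accepted.

    Trust is bound to the certificate fingerprint, never to the issuing CA,
    so a different certificate from the same CA brings the dialog back.
    """
    def __init__(self, trusted_cas=()):
        self.trusted_cas = set(trusted_cas)  # CAs the user trusts outright
        self.site_pins = {}                  # host -> accepted fingerprint

    def trust_this_cert_only(self, host, cert_der):
        # Record the user's choice for this host; the CA set is not touched.
        self.site_pins[host.lower()] = fingerprint(cert_der)

    def evaluate(self, host, cert_der, issuer_ca):
        if issuer_ca in self.trusted_cas:
            return TRUSTED
        # A missing pin is None and never equals a hex fingerprint.
        if self.site_pins.get(host.lower()) == fingerprint(cert_der):
            return TRUSTED
        return PROMPT

# Constructed sample data standing in for real DER certificates.
CERT_A = b"constructed-cert-for-forum.example"
CERT_A_REISSUED = b"constructed-replacement-cert-for-forum.example"
CERT_B = b"constructed-cert-for-bank.example"

def demo():
    store = SiteCertStore()
    ca = "LowAssuranceCA"  # hypothetical CA the user does not trust outright
    results = [store.evaluate("forum.example", CERT_A, ca)]           # first visit
    store.trust_this_cert_only("forum.example", CERT_A)
    results.append(store.evaluate("forum.example", CERT_A, ca))       # same cert
    results.append(store.evaluate("forum.example", CERT_A_REISSUED, ca))  # replaced
    results.append(store.evaluate("bank.example", CERT_B, ca))        # same CA, other site
    return results

if __name__ == "__main__":
    print(demo())
```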

