[TrustBar] Feature request - actually a bug

Thu Mar 10 12:34:25 EST 2005

Ram: you are right, it doesn't work as planned, I believe it used to 
work in an earlier version... In any case, I consider this simply a bug, 
I don't see much point in the other option (allow the identification for 
only this instance). We'll fix this `asap`... In fact you or I should 
really fill in a bug report for this.

Thanks, Amir

Ram A M wrote:
> Amir, I was using trustbar 0.3 - I uninstalled and installed 0.3.1 to
> double check my statement.
> 
> <herzbea at cs.biu.ac.il> wrote:
> 
>>Ram, that's exactly what the `trust only this identification` option in
>>the dialog is supposed to do and convey... doesn't it work for you?
> 
> 
> It does not. For example if I visit (
> https://addons.update.mozilla.org/ ) and choose the third option in
> trustbar (trust $CA_NAME for this site) the next time I visit that
> site I still get the trustbar pop-up; what I think is best is a fourth
> option that makes this indication permanent (ie until the particular
> Server ID is replaced). Perhaps this is an incompatibility with
> another extension I am using?
> 
> kind regards,
> ram
> 
> 
> 
> 
>>Best, Amir
>>
>>Ram A M wrote:
>>
>>>Amir,
>>>
>>>Thanks for the reply.
>>>
>>>I am looking for a new option in the dialog box. Specifically when I
>>>reach a site whose certificate is trusted by the browser software but
>>>whose root CA policies do not meet my criteria for ecommerce I wish to
>>>be able to tell trustbar that I trust that site certificate explicitly
>>>but I still want to be prompted when presented different certificates
>>>anchored in the same root CA.
>>>
>>>To illustrate by example consider the case of a website that uses TLS
>>>to protect access to the site - perhaps they wish to use the opacity
>>>feature of TLS to enable a protected username / password login. I may
>>>decided that while the CA that issued that certificate isn't high
>>>enough quality for me to trust them to identify my bank I may be ok
>>>with trusting them to identify this particular site. In this scenario
>>>I don't want to face the trust dialog box each session with the site
>>>but I also don't want to ever trust that root CA without evaluating
>>>the risk for myself.
>>>
>>>ram
>>>
>>>
>>>On Wed, 09 Mar 2005 17:44:52 +0200, Amir Herzberg
>>><herzbea at macs.biu.ac.il> wrote:
>>>
>>>
>>>>Ram: do you mean you want TrustBar to help with a site certified by a CA
>>>>not in the list of trusted CAs in the browser? I'm not sure this is a
>>>>good idea - this will make TrustBar change an internal browser control.
>>>>
>>>>Or, do you mean, that when you reach a site whose cert is signed by a CA
>>>>which you don't fully trust, you want to tell TrustBar `ok, use this
>>>>cert, but don't automatically trust this CA`? If this is what you mean,
>>>>then this option already exists; in the dialog, you simply select `trust
>>>>this identification by...` (name of CA). In fact, this is supposed to
>>>>(become/be) the default.
>>>>
>>>>Is this what you wanted? Do you think we should change the text?
>>>>
>>>>Thanks, Amir Herzberg
>>>>
>>>>Ram A M wrote:
>>>>
>>>>
>>>>>Hey there,
>>>>>
>>>>>Thought I'd drop in a feature request as I've found myself in need.
>>>>>I'd like to see an additional button/feature in the trustbar pop-up
>>>>>"trust this cert only." This would have the equivalent effect to
>>>>>installing that cert into the local trust store (root list). The value
>>>>>to the user is to enable trusting of SSL for a not particularly
>>>>>sensitive site that has a cert issued by a CA I'd rather not trust for
>>>>>banking.
>>>>>
>>>>>What do you think?
>>>>>
>>>>>ram
>>>>>_______________________________________________
>>>>>TrustBar mailing list
>>>>>TrustBar at mozdev.org
>>>>>http://mozdev.org/mailman/listinfo/trustbar
>>>>>
>>>>>.
>>>>>
>>>>
>>>_______________________________________________
>>>TrustBar mailing list
>>>TrustBar at mozdev.org
>>>http://mozdev.org/mailman/listinfo/trustbar
>>>
>>>.
>>>
>>
> 
> .
> 