[TrustBar] Feature request - actually a bug
Ram A M
ram0502 at gmail.com
Thu Mar 10 08:08:25 EST 2005
Amir, bug #9501 created. Thanks again for a valuable extension!
kind regards,
ram
On Thu, 10 Mar 2005 12:34:25 +0200, Amir Herzberg
<herzbea at macs.biu.ac.il> wrote:
> Ram: you are right, it doesn't work as planned, I believe it used to
> work in an earlier version... In any case, I consider this simply a bug,
> I don't see much point in the other option (allow the identification for
> only this instance). We'll fix this `asap`... In fact you or I should
> really fill in a bug report for this.
>
> Thanks, Amir
>
> Ram A M wrote:
> > Amir, I was using trustbar 0.3 - I uninstalled and installed 0.3.1 to
> > double check my statement.
> >
> > <herzbea at cs.biu.ac.il> wrote:
> >
> >>Ram, that's exactly what the `trust only this identification` option in
> >>the dialog is supposed to do and convey... doesn't it work for you?
> >
> >
> > It does not. For example if I visit (
> > https://addons.update.mozilla.org/ ) and choose the third option in
> > trustbar (trust $CA_NAME for this site) the next time I visit that
> > site I still get the trustbar pop-up; what I think is best is a fourth
> > option that makes this indication permanent (i.e. until the particular
> > Server ID is replaced). Perhaps this is an incompatibility with
> > another extension I am using?
> >
> > kind regards,
> > ram
> >
> >
> >
> >
> >>Best, Amir
> >>
> >>Ram A M wrote:
> >>
> >>>Amir,
> >>>
> >>>Thanks for the reply.
> >>>
> >>>I am looking for a new option in the dialog box. Specifically when I
> >>>reach a site whose certificate is trusted by the browser software but
> >>>whose root CA policies do not meet my criteria for ecommerce I wish to
> >>>be able to tell trustbar that I trust that site certificate explicitly
> >>>but I still want to be prompted when presented different certificates
> >>>anchored in the same root CA.
> >>>
> >>>To illustrate by example consider the case of a website that uses TLS
> >>>to protect access to the site - perhaps they wish to use the opacity
> >>>feature of TLS to enable a protected username / password login. I may
> >>>decide that while the CA that issued that certificate isn't high
> >>>enough quality for me to trust them to identify my bank I may be ok
> >>>with trusting them to identify this particular site. In this scenario
> >>>I don't want to face the trust dialog box each session with the site
> >>>but I also don't want to ever trust that root CA without evaluating
> >>>the risk for myself.
> >>>
> >>>ram
> >>>
> >>>
> >>>On Wed, 09 Mar 2005 17:44:52 +0200, Amir Herzberg
> >>><herzbea at macs.biu.ac.il> wrote:
> >>>
> >>>
> >>>>Ram: do you mean you want TrustBar to help with a site certified by a CA
> >>>>not in the list of trusted CAs in the browser? I'm not sure this is a
> >>>>good idea - this will make TrustBar change an internal browser control.
> >>>>
> >>>>Or, do you mean, that when you reach a site whose cert is signed by a CA
> >>>>which you don't fully trust, you want to tell TrustBar `ok, use this
> >>>>cert, but don't automatically trust this CA`? If this is what you mean,
> >>>>then this option already exists; in the dialog, you simply select `trust
> >>>>this identification by...` (name of CA). In fact, this is supposed to
> >>>>(become/be) the default.
> >>>>
> >>>>Is this what you wanted? Do you think we should change the text?
> >>>>
> >>>>Thanks, Amir Herzberg
> >>>>
> >>>>Ram A M wrote:
> >>>>
> >>>>
> >>>>>Hey there,
> >>>>>
> >>>>>Thought I'd drop in a feature request as I've found myself in need.
> >>>>>I'd like to see an additional button/feature in the trustbar pop-up
> >>>>>"trust this cert only." This would have the equivalent effect to
> >>>>>installing that cert into the local trust store (root list). The value
> >>>>>to the user is to enable trusting of SSL for a not particularly
> >>>>>sensitive site that has a cert issued by a CA I'd rather not trust for
> >>>>>banking.
> >>>>>
> >>>>>What do you think?
> >>>>>
> >>>>>ram
> >>>>>_______________________________________________
> >>>>>TrustBar mailing list
> >>>>>TrustBar at mozdev.org
> >>>>>http://mozdev.org/mailman/listinfo/trustbar
> >>>>>
> >>>>>.
> >>>>>
> >>>>
>
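
The behaviour requested in this thread (accept one site's certificate without trusting its issuing CA, and prompt again if that site later presents a different certificate) can be sketched as follows. This is an added example, not TrustBar code; the class, the method names, the CA name and the shortened fingerprints are hypothetical and constructed.

```javascript
// Added illustration, not TrustBar code: every name here is hypothetical.
// Fingerprints are assumed to arrive as hex strings from the browser's
// certificate viewer, with or without colon separators.
function normalizeFingerprint(fp) {
  return fp.replace(/[:\s]/g, "").toLowerCase();
}

class SiteTrustStore {
  constructor() {
    this.trustedCAs = new Set(); // CAs the user accepts for any site
    this.sitePins = new Map();   // host -> fingerprint accepted for that host only
  }

  trustCA(caName) {
    this.trustedCAs.add(caName);
  }

  // "Trust this certificate for this site": stored so it survives later visits,
  // and keyed by host so it never extends to other sites of the same CA.
  pinSite(host, fp) {
    this.sitePins.set(host.toLowerCase(), normalizeFingerprint(fp));
  }

  // Decide for a certificate the browser has already validated to a root.
  decide(host, fp, issuerCA) {
    if (this.trustedCAs.has(issuerCA)) return "accept";
    const pinned = this.sitePins.get(host.toLowerCase());
    if (pinned !== undefined && pinned === normalizeFingerprint(fp)) return "accept";
    return "prompt"; // unknown site, or the pinned site changed its certificate
  }
}

// Constructed sample data: two made-up fingerprints and a made-up CA name.
function demo() {
  const CA = "Example Budget CA";
  const certA = "AA:11:22:33:44:55:66:77";
  const certB = "BB:11:22:33:44:55:66:77";
  const store = new SiteTrustStore();
  const firstVisit = store.decide("forum.example", certA, CA);
  store.pinSite("forum.example", certA);
  return {
    firstVisit,
    revisit: store.decide("Forum.Example", certA.toLowerCase(), CA),
    replacedCert: store.decide("forum.example", certB, CA),
    otherSiteSameCA: store.decide("bank.example", certB, CA),
  };
}
```

The bug reported above corresponds to the pin not being persisted between visits, so `revisit` would return "prompt" instead of "accept".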