Thanks Gerv, I take your point. I think I do get a list of user certs from Keychain on Mac but I suppose that may not modify your response from a coding point of view.

My point is that Firefox will be no good for the web if no one is using it.

1. I have seen Firefox go from recommended browser to eliminated from my organisation over a period of about 3 years due to this and one other "strict security" "issue". (1 or 2 of us left, but I doubt there's anyone else other than me, actually).
2. I have seen intimations that similar experiences are appearing on forums.
3. These people love Firefox, think Firefox is the best for the web, and don't want to lose it.

Have you evaluated the threat? Are you happy for Firefox to be eliminated from enterprise and become a domestic-only browser, and possibly to lose significant market share in the domestic market too, with a long term worst case of Firefox becoming a niche browser like Opera? I don't have the information to assess accurately, but I'm hoping you do.

It's hard to link particular issues with actual drop in share but with an open mind and some research I think making some intuitive guesses gives probable solutions (which are better than none). Even W3 schools, which I would expect to be a core Firefox stronghold from a dev point of view, shows 2 points loss this half year and a slight S curve from almost 50% share in 2009, with 6 / 7 % losses per year from 2010 - 2012 and reliable minimum 3% loss per year since then, by this unrepresentative generous sampling method. Firefox is now down to 40% of its 2009 share. That's 60% loss of original share over the last 6 years.

I know this is a complex issue. I'm not saying I have certainties or have your level of understanding of the history. I'm not asking for an explanation of Firefox decline, I'm just saying with respect to this particular _kind of issue_ (I know of 2 instances that hit my organisation that accomplished full removal of Firefox over 3 years) it looks to me like this could be one _kind of issue_ where known solutions exist and can be having a big influence on Firefox usage, significantly out of proportion to the effort and ability to fix it; have you evaluated the threat?

On Tuesday, 15 September 2015 19:21:26 UTC+10, Gervase Markham wrote:
> On 15/09/15 01:12, Anil Gulati wrote:
> > To remove unnecessary impediments to Firefox use and adoption wouldn't it
> > make sense to configure Firefox to use the OS cert store by default, and
> > allow an option to use internal cert database?
>
> We would love it if the OS would give us a list of _just_ the
> user-installed certs, but as far as we are aware, this is not possible
> on Windows.
>
> See https://bugzilla.mozilla.org/show_bug.cgi?id=432802 for more details.
>
> As I noted there, due to these API problems, "recognizing the Windows
> trust store is equivalent to abandoning our own root program and
> adopting whatever Microsoft decides (because we can't tell which certs
> are user-imported and which are MS-provided). That would not be a good
> thing for the web."
>
> Gerv

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

