On Wednesday, 16 September 2015 18:14:28 UTC+10, Kurt Roeckx wrote: > On 2015-09-15 02:12, Anil Gulati wrote: > > So I'd agree Firefox is not being too strict (in this scenario anyway - I > > had previous issues a few months ago where Chrome worked and Firefox > > didn't) but Firefox does have the additional step to install certs in it's > > own certificate database instead of referring to the OS. In our case this > > additional step was hard enough to prevent Firefox from working for several > > days. I guess if there were any Firefox users in our organisation before it > > seems unlikely there are any left now. > > It seems to me that the issues are: > - The IT department wants to MITM you for some reason, and Firefox > complains like it should. You *are* actively being attacked. > - The IT department (or some contractor) knows how to deal with chrome > (and internet explorer) so it allows this, but doesn't know how to do it > with Firefox. I would argue that this isn't Firefox's problem, it has > always had the functionality to allow it. > > > To remove unnecessary impediments to Firefox use and adoption wouldn't it > > make sense to configure Firefox to use the OS cert store by default, and > > allow an option to use internal cert database? I know there's code costs > > but if people are not using Firefox there's no Firefox. Even now our IT has > > a working cert I'm not sure they have a way to automatically install into > > Firefox for all users. > > I think they can distribute the certificate for use by chrome and > internet explorer by using the group policy and so it's trivial for them > to distribute it to all the PCs. It might be a little bit more > complicated to do the same for Firefox. > > Kurt
Yes, I agree. From my limited perspective and knowledge I trust you as an authority that that's probably completely correct. But that's not the issue. I've got a concern that security management in Firefox is too hard for enterprise and may additionally have problems for domestic users that is stopping Firefox from "working" from their perspective and significantly affecting market share. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
