Hi folks,
I wanted to bring up some changes we are making to how Firefox handles
SSL with certificates of unknown provenance (self-signed, expired,
untrusted CA, domain mismatch). I've documented the details in the wiki
here:
http://wiki.mozilla.org/Security:SSLErrorPages
which, in turn, points to bugs 327181 and 387480. The very short
version is that the current SSL error dialogs will be replaced with
error pages that do not offer default-unsafe one-click overrides. This
will also involve improving support for adding trust exceptions from the
certificate manager, since those trust exceptions will be the way around
the error pages.
If there are gaping holes in the approach here, it would be helpful to
know that!
Cheers,
Johnathan
PS - Cross posted to dev.sec and d.t.crypto, but please follow up to
d.a.firefox.
--
Johnathan Nightingale
Human Shield
Mozilla Corporation