Public bug reported:

Binary package hint: firefox

Hi,
Updating the list of trusted root certificate authorities across all users of a 
system seems to require rebuilding a library. Non-root certificates may similarly 
be impacted.

update-ca-certificates could be a mechanism to update the root
certificates used by firefox.

On a corporate install of firefox, currently the only options for adding an 
internal root certificate authority are to:
   * Hack it into the user creation script to extract a pre-created profile, 
and update all the existing users' profile directories. This bypasses the random 
profile directory creation.
   * Re-compile the shared library (.so) containing the root certificate 
authorities (extra maintenance for dealing with ubuntu package updates).
   * Have every user of the system go through a manual process of adding the 
root certificate (most users don't know how).
   * Use a plugin extension for firefox (do any exist?) that is automatically 
used by all users (can this be done?)
   * Have the root certificate signed at great expense by an external root 
certificate authority already included. CaCert integration would lower the cost 
but that seems far away, and is still an external authority. These root 
certificates also might be limited to a single domain (wildcard certificate?) 
or have other limitations ("low" expiry?, contractual restrictions...).

It seems unlikely that Mozilla will move away from having the root
certificates stored in the shared library as it would take some control
away from them. The shared library method makes it harder for malicious
changes to be made, but only by adding the barrier of recompilation and
installation of a shared library.

Thanks,

     Drew Daniels
Resume: http://www.boxheap.net/ddaniels/resume.html

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Updating system certificates requires rebuild
https://bugs.launchpad.net/bugs/543183