Closed
Bug 34932
Opened 27 years ago
Closed 23 years ago
RFE: S/MIME signature with untrusted CA show yellow stamp
Categories
(MailNews Core :: Security: S/MIME, enhancement, P3)
Tracking
(Not tracked)
CLOSED
WONTFIX
Future
People
(Reporter: kysmith, Assigned: mscott)
References
Details
(This bug imported from BugSplat, Netscape's internal bugsystem. It
was known there as bug #89725
http://scopus.netscape.com/bugsplat/show_bug.cgi?id=89725
Imported into Bugzilla on 04/06/00 16:59)
Entered by debsmith - 08-Aug-97 10:45
Platform: Win95 Browser: 4.01
_______________________________________________________
Netscape's current behavior of putting up a
big red "invalid signature" warning on emails with unrecognized certs is
possibly a bug, or at least a crying need for a feature improvement.
Can we work with Netscape to get this fixed in a future version?
Here is the behavior requested:
Green stamp (Ok) - all ok
Yellow stamp with question mark (Untrusted) - the signature on the message is
correct, and all certificates in the chain are valid, but there's no trusted
root.
Red stamp with the universal not symbol (Invalid) - any one of the
certificates in the chain has been marked specifically as untrusted, one of
the certificates in the chain is expired or has an invalid signature, or
there is a CRL entry for one of the certificates in the chain (when netscape
starts using CRLs).
------- Additional Comments From jfriend 10/08/97 14:55 -------
I understand why they are asking for what they are asking for - it is the way
the end-user thinks of the problem. I also understand that it's not as simple
as that because a fourth possibility is that the message has been mucked with
to
make it look like the yellow or red case. Even with that reality, it would be
good to find a better end-user situation since the untrusted or unknown CA is
the 99% end-user case. Assigning to the security folks for a response.
------- Additional Comments From repka 05/07/98 17:07 -------
Well, I'm no UI designer. Hagan came up with the original stuff,
and she thought it was very important to keep things extremely simple.
So, signatures were either bad or good. Sure, the bad ones varied,
which is why the SA (Security Advisor, or Security Info or whatever
it's called these days) gives more detailed information.
Sure, there may be a better way to do this. But, as with all security
UI, we have to be careful. Best I can do is reassign this to Jonas.
Adding lots of folks to the cc list; those who care about security UI
and/or certificates/trust, which is what this is all about. If any of
you wants off the list, my apologies -- feel free to remove yourself.
------- Additional Comments From lord 05/09/98 14:32 -------
Although unlikely, I can imagine that it's possible for a man-in-the-middle to
modify my e-mail to you, and also modify the cert chain and signature. The end
result might be that (a) you think I'm using a new CA since you see the Yellow
icon, and (b) you go through the excercise of trusting that new, Evil CA.
I agree the UE is lacking, but this problem is quite hard to solve in a way
that
will make everyone happy. (Maybe we can consider a Yellow icon when you sign
*and* encrypt?)
What is this person trying to do? Did she buy our Certificate Server and try
to
deploy?
------- Additional Comments From jonas 05/14/98 13:46 -------
Marking later. Won't get around to designing anything new for this for 4.5
------- Additional Comments From marek Apr-03-2000 18:04 -------
mass resolving LATER and REMIND bugs as WONTFIX (however, if you own one of
these and have a fix that can be checked into 4.73 [assuming that you have QA
lined up for it], please contact 4.73 project manager -- angelabu)
Comment 1•25 years ago
|
||
Old bug just moved from internal to bugzilla. Reopening bug so I can
reassign it and comment on it.
Status: RESOLVED → UNCONFIRMED
Comment 2•25 years ago
|
||
This is not an NSS bug, but for lack of a better place to put it, here
it is. Since chrisk owns S/MIME more than any other person, he gets
stuck with it. If/when he can identify who owns the S/MIME User Interface,
this would belong to *that* person. It is a complaint about the current
way we display a signature when the signing chain is not recognized,
and should be considered in the UI design for S/MIME in the new client.
Assignee: jonas → chrisk
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•24 years ago
|
Status: NEW → ASSIGNED
Comment 3•24 years ago
|
||
Change summary, was "@Home #922 - invalid cert request"
Severity: normal → enhancement
Summary: @Home #922 - invalid cert request → RFE: S/MIME signature with untrusted CA show yellow stamp
Updated•24 years ago
|
Component: Libraries → Mail Window Front End
Product: NSS → MailNews
Target Milestone: --- → Future
Version: unspecified → other
Comment 4•24 years ago
|
||
This should be considered when S/MIME is integrated
into Mozilla.
Assignee: chrisk → putterman
Status: ASSIGNED → NEW
QA Contact: esther
Comment 6•23 years ago
|
||
Changing component to security S/Mime.
Component: Mail Window Front End → S/MIME
Product: MailNews → PSM
Version: other → unspecified
Comment 7•23 years ago
|
||
This bug is now invalid. There is no lock icon on the three pane mail window. UI
for the signature status is being implemented in bug 115010.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
Comment 8•23 years ago
|
||
There is no lock icon on the three pane mail window, but there's still a status
icons in bug 115010, and it will show an "invalid signature" on emails with
unrecognized root certs.
You may decide that this is the way to do, and mark the bug WONTFIX, but the GUI
modification has not made it invalid.
Comment 10•23 years ago
|
||
Reopening
Status: RESOLVED → REOPENED
QA Contact: alam → junruh
Resolution: INVALID → ---
Comment 11•23 years ago
|
||
Marking wontfix.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•