[Bug 1211] "always trust content from this provider" NOT to be checked as default

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Thu Nov 8 08:10:02 PST 2012 

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1211

helpcrypto at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |helpcrypto at gmail.com

--- Comment #1 from helpcrypto at gmail.com ---
(In reply to comment #0)
> Is there a way to force the "always trust content from this provider" NOT to
> be checked as default.

This is checked when the certificate used to sign an applet, IS a trusted
certificate. This behaviour, SHOULD remain like that for trusted certs.


> I do NOT want to trust the signers by default, but might opt-in to certain
> signers.

If you sign an applet using a dummy cert, this checkbox will not be checked by
default.


> In details the danish digital signature-thing requieres java :-(

Same as we do, cause theres not a better approach :(


> Some malware has tried to popup a form to steal the login-info from the
> user. I prevent this by willingly NOT accepting to trust the provider. That
> way I'm forced to accept it when I want to use the applet, someone trying to
> use a look-alike form would be detected.

Which certificate is being used to sign the applet?
Its the malware an applet?
Which certificate is the malware signed with?
Dont hesitate to ask anything to me (on icedtea mail list).


> That's why it's very bad that I can't always disable the "always trust
> content from this provider". Right now I have setup a a loader-script for
> firefox, to delete ~/.icedtea. It was he only way I could find to forget a
> mark in "always trust content from this provider"

AFAIK, icedtea lacks ControlPanel, but this kind of certificates are stored as
trusted certs on icedtea keystores. Probably keytool will do the trick in a
better way.
If you have any more questions, ask on the list

Bye

PS: Could anyone mark this as invalid?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20121108/2c661a5b/attachment.html

More information about the distro-pkg-dev mailing list