[Bug 1211] "always trust content from this provider" NOT to be checked as default

bugzilla-daemon at icedtea.classpath.org
Thu Nov 8 08:34:33 PST 2012


http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1211

--- Comment #2 from icedtea.classpath.org at henning.wangerin.dk ---
(In reply to comment #1)
> (In reply to comment #0)
> > Is there a way to force the "always trust content from this provider" NOT to
> > be checked as default.
> 
> This is checked when the certificate used to sign an applet IS a trusted
> certificate. This behaviour SHOULD remain like that for trusted certs.

No. It should be up to the user to determine if you want to trust a certificate
by default.

> > I do NOT want to trust the signers by default, but might opt-in to certain
> > signers.
> 
> If you sign an applet using a dummy cert, this checkbox will not be checked
> by default.

Correct.

> > In details the Danish digital signature-thing requires java :-(
> 
> Same as we do, cause there's not a better approach :(

Sun-java that I used earlier, remembered that I unchecked "always trust content
from this provider" for various certificates.

This is the behaviour that should be taken.
The user IS asked if he trusts this cert. If I for any reason choose NOT to
trust a legit certificate, that should be the default for that certificate.

Always pretending that you can trust some cert, if you have decided not to trust
that cert, is a bad behaviour, in my eyes. (For whatever reason you decided it)

> > Some malware has tried to popup a form to steal the login-info from the
> > user. I prevent this by willingly NOT accepting to trust the provider. That
> > way I'm forced to accept it when I want to use the applet, someone trying to
> > use a look-alike form would be detected.
> 
> Which certificate is being used to sign the applet?
> Is the malware an applet?

No.

> Which certificate is the malware signed with?

None - just an HTML form popping up, as I understand.
