On Tue, Nov 18, 2014 at 10:11 AM, Gerold Meisinger
<
gerold.m...@gmail.com> wrote:
> On 2014-11-17 23:42, Stefano Fornari wrote:
>> If I well understand it, this is to handle resources inside a page
>> (e.g. images, stylesheets, scripts, etc.). If that is the case, why
>> the current implementation does not take care of it? what the add-on
>> does today is to add the trusted certificate to the ff trustdb; from
>> that point on all requests to the same service will not require a new
>> validation any more, therefore the content will be retrieved with no
>> issues.
>
> What you said is correct for the large part except Perspectives doesn't
> add the certificate as trusted but rather makes a security exception.
> Pretty much the same what you can do as a user.
yep. I was over simplifying :)
>
> And the difference of the main request versus embedded content is that
> we don't get the "certificate not trusted"-page for embedded content
> which automatically restarts the request for us. So in my
> "embedded_content" branch there are actually exceptions installed but
> they only work if the user refreshes the page because I don't know how
> to restart them yet.
Yep, I got that point. But my point is that once the exception is
installed, the browser works well for the content unless it requests a
resource on another server for which you do not have an exception yet.
But this is not different from how the browser works without
perspective therefore to me this is not a real issue. => better to
focus on other areas probably (like the expiration as per the below).
>
>> I am not convinced by the bouncing notaries because, if 1 is true, I
>> am not sure the effort would pay off. Given that a service certificate
>> is added to the trustdb, apart from the first call that triggers the
>> about:certerror page, no other calls will interact with the notaries
>> so no browser history will be tracked by the notaries.
>
> The exception is applied everytime.
Exactly. Since the exception is applied every time (by the browser) no
notaries are actually contacted, therefore no real browsing history is
recorded (apart of course the host names the first time the service is
contacted - it seems acceptable).
>
>> What instead I thought more interesting is the concept of being able
>> at any time to change our trust of a service. In other words, if I
>> decide to trust a service today, it does not mean I want to do it
>> forever. How is this handled by perspectives?
>
> In Perspectives you currently have the option to clear the cache or
> whitelist a domain. We thought about adding ignore list as well.
>
> If we would use a Trustdb approach you could delete them in Firefox ->
> Properties -> Advanced -> Certificates -> View Certificates -> Delete or
> Distrust...
True, but this is not very user friendly and would require a user to
remember to do it (very unlike) and also to identify which certificate
is associated to which service, which in case of self-signed
certificates will not be easy. Keep in mind that differently from the
CA approach, we potentially install a certificate/exception for each
site we browse). What about:
1. clear the cache automatically once in a while; or
2. keep a validity lifespan for each certificate; or
3. use certificates validity (I guess this may not improve the
situation much for very long certificate validity).
Ste