* cgp3cg <cgp3cg@xxxxxxxxx> [2011:09:06 07:52 +1000]:
> Thanks Erinn,
>
> I've also discovered that with this version FF defaults to saving
> passwords, and that there are 4 CA certificates present for DigiNotar and
> 2 for DigiNotar B.V.
>
> The first isn't a huge issue, but according to the changelog for 2.2.32-2:
>
> * Update Firefox to 6.0.1, with an additional patch to exclude
> DigiNotar completely
>
> I've also had a quick poke at a few older versions (the only ones I have
> handy):
> - 2.2.25 (FF 4.0.1)
> - 1.1.3 (FF 3.6.13)
>
> and both only show 1 CA cert for DigiNotar. Stock standard FF 6.0 also
> only had one, and it's now gone completely from 6.0.1 ... so why the
> presence of four in TBB?

This is a change in Firefox 6.0.2 where they list them so they can explicitly distrust them. If you click on Aurora->Preferences (or Options, I think, in Windows)->View Certificates->then click on any of the DigiNotar things present, it will say at the top "Explicitly Distrust [...]". You can see some more of that here:

https://hg.mozilla.org/releases/mozilla-release/rev/55b5cd1ce8fe

This basically superseded our (and their) patches, and I think the reason there are so many more listed is because they got all of them, including intermediaries.

To be honest, while Mozilla has been very helpful and responsive to us, we don't have complete insight into their decision-making processes, so we are trusting them to do the right thing here, at least right this minute with the given time constraints. When things have settled down a bit more we will probably revisit how TBB handles certs overall.

In essence, there has been a lot of turbulence with this release (which happened 2 weeks early because of this mess, and then went through a bunch of rapid changes immediately after), so everything is a bit wobbly. We're going to be making some more radical changes, and the build/QA team is basically just me, for all platforms, except when other devs & volunteers pitch in.
Would you be interested in helping us out with better testing?
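The reply above contrasts two ways of handling a compromised CA: patching the root out of the bundle versus keeping every DigiNotar certificate listed but flagged "Explicitly Distrust". The following Python is an added illustration, not code from the thread, from Tor Browser or from Mozilla's NSS. All certificates in it are constructed stand-ins (subject and issuer strings plus placeholder bytes instead of real DER), the cross-signed intermediate is an assumed scenario chosen to show why listing intermediates and not just roots matters, and `validate` is a deliberately minimal chain check, not a real path-validation implementation.

```python
"""Added example: 'remove the root' versus 'explicitly distrust' policies.

Certificates here are constructed stand-ins (subject/issuer strings plus
placeholder bytes in place of DER); nothing is real DigiNotar material.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    der: bytes  # placeholder for the DER encoding in this constructed example

    @property
    def fingerprint(self) -> str:
        # Trust stores key trust/distrust on a hash of the DER, not on the
        # name, so a re-issued cert with the same DN is matched correctly.
        return hashlib.sha256(self.der).hexdigest()


# Constructed hierarchy (assumption for illustration only).
GOOD_ROOT = Cert("CN=Good Root CA", "CN=Good Root CA", b"good-root")
BAD_ROOT = Cert("CN=Bad Root CA", "CN=Bad Root CA", b"bad-root")
BAD_INTER = Cert("CN=Bad Issuing CA", "CN=Bad Root CA", b"bad-issuing")
# The same issuing CA, cross-signed by the good root: a chain built through
# it never touches BAD_ROOT, so removing BAD_ROOT alone does not stop it.
BAD_INTER_CROSS = Cert("CN=Bad Issuing CA", "CN=Good Root CA", b"bad-issuing-cross")
LEAF = Cert("CN=www.example.com", "CN=Bad Issuing CA", b"leaf")


def validate(chain, trusted_roots, distrusted=frozenset()):
    """Return (ok, reason) for a leaf-first chain.

    trusted_roots and distrusted are sets of SHA-256 fingerprints. A distrust
    entry wins over everything else: the cert stays listed in the store, but
    flagged so that any chain passing through it fails.
    """
    for cert in chain:
        if cert.fingerprint in distrusted:
            return False, f"explicitly distrusted: {cert.subject}"
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, f"{child.subject} not issued by {parent.subject}"
    root = chain[-1]
    if root.subject != root.issuer:
        return False, f"chain does not end in a self-signed root: {root.subject}"
    if root.fingerprint not in trusted_roots:
        return False, f"untrusted root: {root.subject}"
    return True, "ok"


def policy_remove_root():
    """Policy A: only drop the compromised root from the trust store."""
    trusted = {GOOD_ROOT.fingerprint}
    direct = validate([LEAF, BAD_INTER, BAD_ROOT], trusted)
    cross = validate([LEAF, BAD_INTER_CROSS, GOOD_ROOT], trusted)
    return direct[0], cross[0]  # the cross-signed path is still accepted


def policy_explicit_distrust():
    """Policy B: keep every cert listed, but flagged as distrusted."""
    trusted = {GOOD_ROOT.fingerprint, BAD_ROOT.fingerprint}  # not even removed
    distrusted = {c.fingerprint for c in (BAD_ROOT, BAD_INTER, BAD_INTER_CROSS)}
    direct = validate([LEAF, BAD_INTER, BAD_ROOT], trusted, distrusted)
    cross = validate([LEAF, BAD_INTER_CROSS, GOOD_ROOT], trusted, distrusted)
    return direct[0], cross[0]  # both paths rejected


if __name__ == "__main__":
    print("remove-root policy (direct, cross-signed):", policy_remove_root())
    print("explicit-distrust  (direct, cross-signed):", policy_explicit_distrust())
```

The point the toy makes is the one the reply hints at: deleting a root only blocks chains that end at that root, while a distrust flag on each listed certificate (roots and intermediates alike) blocks every chain that passes through any of them, which is why the "Explicitly Distrust" entries superseded the earlier exclusion patches.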
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk