[Bug 1211] "always trust content from this provider" NOT to be checked as default

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Thu Nov 8 08:48:45 PST 2012


--- Comment #4 from helpcrypto at gmail.com ---
(In reply to comment #2)
> No. It should be up to the user to determine if you want to trust a
> certificate by default.

If it appears enabled, its is cause that cert is already trusted on your
keystore. (The first time the user enable it or the applet its adding himself
as trusted, one thing our applet also does).

> Sun-java that I used earlier, remembered that I unchecked "always trust
> content from this provider" for various certificates.
> This is the behaviour that shuld be taken.
> The user IS asked if he trusts this cert. If I for any reason choose NOT to
> trust a legit certificate, that should be the default for that certificate.
> Always pretending that you can trust some cert, if you have decide not to
> trust that cert is a bad behaivour, in my eyes. (For whatever reason you
> desided it)

Our applet adds the cert as trusted once is run for the first time.
Maybe yours also. I agree is not "polite".

Using Ubuntu+icedtea7+fake cert signed applet, it always shows the warning (ie:
its always unchecked), so this is not a bug.

> None - just a html-form popping up, as I understand.

Then your effort must go in avoiding that popup being displayed, cause user can
tick the "always trust" anyway.

As I said before, write to mail list and you can get some help.

(In reply to comment #3)
> You are probably looking for 'itweb-settings'.

Did that contain a security tab for managing keystores? I dont remember that...
Anyhow, i still have to fill some request for that component. ;)

You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20121108/4231b4eb/attachment.html 

More information about the distro-pkg-dev mailing list