ad kalendas graecas

Today, nearly 4 years, 123 comments and 42 votes after having been opened, Mozilla bug 228684 – Remember overrides of Certificate Domain Name Mismatch was updated to Resolved.

4 Responses

  1. Felix says:

    December 4, 2007 at 11:26 am

    The question is… now that the bug is fixed, how do I disable the message from reappearing? I use Thunderbird on Linux.

  2. andrew says:

    December 4, 2007 at 11:57 am


    Try adding the server here:
    Edit > Preferences > Advanced > Encryption > View Certificates > Servers > Add Exception…

    Short and sweet ;-)

  3. Krellan says:

    December 7, 2007 at 9:29 pm

    Unfortunately it wasn’t closed as RESOLVED FIXED.

    It was instead closed as RESOLVED DUPLICATE, and the duplicate bug that it has been redirected to, seems to be for some other feature. A lot of the problems still remain.

    I much prefer the behaviour of this extension, over the proposed new behaviour in Firefox 3.0.

    This extension does the correct thing: remembering the current situation as a “known good” condition. Then, when anything happens in the future, it allows the warnings to re-appear, which is a good thing.

    Using the preferences in Firefox to add an exception, thus disabling the check altogether, is a bad move. What if the certificate was remembered by the user as pointing to one mismatched domain, but then later on, the certificate is sneakily replaced by an attacker and pointed to *another* *different* mismatched domain, as part of a real MITM attack?

    This extension remembers pairs of domains, certificate domain and website domain, which is a better approach. During the real MITM above, the warning would re-appear, because it didn’t match what was remembered before. The user would be warned, and they would be able to see what the new domain was. They would see it, and know to stay away. The new proposed error page in Firefox 3.0 doesn’t do this, and it doesn’t even tell the user what the mismatched domains were! That is scary.

    This extension also does the same thing for expired certificates, remembering the certificate’s expiration time. If this expiration time were to ever change to something else, the user would get the warning again, which is good to protect against certificates that again might be replaced by an attacker during a real MITM attack.

    I also wrote about this here, as part of this bug report:

  4. MinhKHostler says:

    July 10, 2016 at 10:38 am

    I blog often and I really appreciate your information. This article has truly peaked my interest.
    I’m going to book mark your site and keep checking for new information about once a week.

    I subscribed to your Feed too.

Leave a Reply