cstkingkey wrote:I begin to remove certificates because some people try to remove the some default certs because of some security concerns.
Probably not a good idea. Mozilla has actual security people maintaining that list and "some people" do all kinds of stupid things in the name of "security", usually based on rumors and hearsay. It's a slippery slope down that path towards a browser that won't actually do anything.
As I said, it works for the most time, at least for me, and I provide the cert module with the firefox's set of certs.
You should at least explain why you are removing the certs. If you don't trust them you should have a good reason and state it. Otherwise, you are putting your users at risk for no good reason.
Post wrangler "Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
LoudNoise wrote:You should at least explain why you are removing the certs. If you don't trust them you should have a good reason and state it. Otherwise, you are putting your users at risk for no good reason.
From my understanding, removing certs won't lead to security problems. And as I said, I remove them mainly because I think they are "unnecessary".
Your understanding isn't correct. If nothing else, your users will be asked to allow a missing certification to be installed. If they decided not to install a server cert it could easy mean that something, like a phishing site, could say it was secure (https) and present a phony thawte cert. Same thing could happen with code signing.
Unless you know a great deal about how the cert works this is only an exercise in vanity anyway. Any impact that on the performance wouldn't be measurable.
Post wrangler "Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
LoudNoise wrote:Your understanding isn't correct. If nothing else, your users will be asked to allow a missing certification to be installed. If they decided not to install a server cert it could easy mean that something, like a phishing site, could say it was secure (https) and present a phony thawte cert. Same thing could happen with code signing.
Unless you know a great deal about how the cert works this is only an exercise in vanity anyway. Any impact that on the performance wouldn't be measurable.
I don't understand what you said. With the default set of certs, a phishing site can also present a phony twawte cert.
Gemini6 wrote:I like this idea of a light version of Firefox. Some time ago, I tried Light-26, then I dropped because it did not have printing. Now as Light-28 has printing support, I have been testing since a few days, and it is running very well. Thank you. Then, I discovered that I cannot log in to my bank account. It says there is some kind of certificate error. I read through this thread, and it seems that Light doesn't have necessary certificates. I downloaded and replaced nssckbi.dll, but still no joy. I am wondering for which reason Light removes certificates. Removing certificates does not make a browser much lighter, does it? Is it possible to offer a version of Light that can log in to secure sites? These days all applications are becoming bigger and bigger in size with boated features. So, I really like this idea of making a light version of Firefox!!
Please read the wiki at my sf project and try turning off the new cert verifier. I begin to remove certificates because some people try to remove the some default certs because of some security concerns. It's much easier to add one cert than remove one. And I notice that windows only include a few of certs and a lots of certs in firefox seem unnecessary . So I removed most certs according to the window's default list. It woks for the most time. Then I provide the original certs just in case.
Thanks. I replaced nssckbi.dll with the downloaded one, and I disabled "security.use_insanity_verification", and it seems to work with my bank account.
However, doesn't disabling this verification make the browser more insecure than before? I still think a browser should work without fiddling from the start.
Anyway, I really like this idea of a light version of Firefox. Thank you again.
You're right; the reset is "broken" for saving bookmarks so I've lost them but I don't think there were any crucial ones. And I have disabled the cert verifier so I can access hotmail.
Err, no that isn't correct. The entire point of certs is to keep this from happening. If a have a cert at my site it must of an authority Firefox trusts and there will be communication between the authority and Firefox to make sure the cert is valid. If I were to fake a certification the authority would reject it. Nor could I spoof the authority since Firefox has a built in certificate that tells it how to contact the authority and how to confirm the authority is real (a public/private key exchange).
That said, I seem to be driving your thread off topic. If you are interested I started a topic about this in Tech. viewtopic.php?f=37&t=2813699
Post wrangler "Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
Gemini6 wrote:Thanks. I replaced nssckbi.dll with the downloaded one, and I disabled "security.use_insanity_verification", and it seems to work with my bank account.
However, doesn't disabling this verification make the browser more insecure than before? I still think a browser should work without fiddling from the start.
Anyway, I really like this idea of a light version of Firefox. Thank you again.
It won't make it less secure. Actually the new cert verifier is not enabled in firefox due to its development state. It's the bugs that cause the inconvenience. I was too optimistic.
Gemini6 wrote:Thanks. I replaced nssckbi.dll with the downloaded one, and I disabled "security.use_insanity_verification", and it seems to work with my bank account.
However, doesn't disabling this verification make the browser more insecure than before? I still think a browser should work without fiddling from the start.
Anyway, I really like this idea of a light version of Firefox. Thank you again.
It won't make it less secure. Actually the new cert verifier is not enabled in firefox due to its development state. It's the bugs that cause the inconvenience. I was too optimistic.
Thank you. Just a small update. I actually don't need to replace nssckbi.dll with the downloaded one for Light to work with secure sites. Just disabling "security.use_insanity_verification" is enough for logging in to secure sites, such as bank accounts, airline company accounts, etc. So, please keep on this good way!! I will use Light as my daily browser.
Hi; thanks for Light, it's the first time in one year that I can use Firefox without crashing, freezing or not answering issues (XP SP3, intel core2 duo, 1GB RAM). Apart from some issues importing my old settings from Firefox I have noticed that every time I modify an element in the tool bars, the menu bar becomes idle, it fades and it won't be ready until I restart Light. I'm using 29.0, ICC, default (classic, I guess) theme; add ons: Adblock edge, download helper, down 'em all.
damm wrote:Hi; thanks for Light, it's the first time in one year that I can use Firefox without crashing, freezing or not answering issues (XP SP3, intel core2 duo, 1GB RAM). Apart from some issues importing my old settings from Firefox I have noticed that every time I modify an element in the tool bars, the menu bar becomes idle, it fades and it won't be ready until I restart Light. I'm using 29.0, ICC, default (classic, I guess) theme; add ons: Adblock edge, download helper, down 'em all.
I can't find the problem. Can you reproduce this with a new profile ?
damm wrote:Hi; thanks for Light, it's the first time in one year that I can use Firefox without crashing, freezing or not answering issues (XP SP3, intel core2 duo, 1GB RAM). Apart from some issues importing my old settings from Firefox I have noticed that every time I modify an element in the tool bars, the menu bar becomes idle, it fades and it won't be ready until I restart Light. I'm using 29.0, ICC, default (classic, I guess) theme; add ons: Adblock edge, download helper, down 'em all.
I can't find the problem. Can you reproduce this with a new profile ?
Hi; with a new profile and similar settings the menu bar issue seems to be solved but now it wont show the bookmarks toolbar (it cant be ticked). btw: I've changed default settings for browser.tabs.onTop:false, browser.newtab.url about:blank, browser.tabs.insertRelatedAfterCurrent:false
damm wrote:Hi; thanks for Light, it's the first time in one year that I can use Firefox without crashing, freezing or not answering issues (XP SP3, intel core2 duo, 1GB RAM). Apart from some issues importing my old settings from Firefox I have noticed that every time I modify an element in the tool bars, the menu bar becomes idle, it fades and it won't be ready until I restart Light. I'm using 29.0, ICC, default (classic, I guess) theme; add ons: Adblock edge, download helper, down 'em all.
I can't find the problem. Can you reproduce this with a new profile ?
Hi; with a new profile and similar settings the menu bar issue seems to be solved but now it wont show the bookmarks toolbar (it cant be ticked). btw: I've changed default settings for browser.tabs.onTop:false, browser.newtab.url about:blank, browser.tabs.insertRelatedAfterCurrent:false
Download the omni.ja in "other" folder and replace the one in browser folder.
mozillaZine is an independent Mozilla community and advocacy site. We're not affiliated or endorsed by the Mozilla Corporation but we love them just the same.
