CertSentry preview

Thanks for clearing that up.

This is in the current builds. Is it enabled by default? Does it have a user interface?

If CertSentry is installed, then it’s “enabled” - by default, it only hooks certificate revocation checks and logs various information about these checks. CertSentry’s revocation checking hard-fail capability is still disabled by default, but you can enable it manually by adding some registry entries (documented earlier in this topic).

Dragon doesn’t have any UI for CertSentry yet. CertSentry does display its own UI when hard-fail is enabled and a revocation checking failure occurs.

Bit confused.

Are you saying the following:

If you install Dragon or IceDragon, then it's installed and it “hooks certificate revocation checks and logs various information about these checks.”

And if in addition you set the registry keys, hard fail is enabled and it will display a UI indication if a failure occurs.

If possible it would be really good to have some form of test procedure so people can check they have correctly enabled hard fail. Registry editing is easy to get wrong.

Best wishes

Mouse

Yes, except for the “or IceDragon” part. AIUI, the first release of IceDragon did install CertSentry, but the latest release does not install it. IceDragon uses Mozilla’s NSS security library instead of CryptoAPI, but CertSentry only works with CryptoAPI-based applications.

If possible it would be really good to have some form of test procedure so people can check they have correctly enabled hard fail. Registry editing is easy to get wrong.

Yes, that would be good. I think adding an option to configure CertSentry settings from within Dragon would be good too.

Yes indeed.

BTW I have included CertSentry, and hard fail, in my guideline on using the sandbox here.

Mainly in the banking section.

Any comments welcome. Will change the text on CertSentry to exclude IceDragon. FF, and thus I guess IceDragon, has its own hard fail setting anyway, which I guess will be good enough.

Best wishes

Mike