Closed
Bug 478763
Opened 15 years ago
Closed 8 years ago
Working with multiple personal certificates - selecting one for the session
Categories
(Core Graveyard :: Security: UI, enhancement)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: drag_on_fly, Unassigned, NeedInfo)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6

Currently there are two options in Tools/Options/Advanced/Encryption

When a server requests my personal certificate:
* Select one automatically
* Ask me every time

Automatic works fine with a single certificate, but with more than one the user has to use the manual option. In the second case, the user is asked to select a certificate almost on every step of a transaction.

Reproducible: Always

Expected Results:
If possible, it would be better if the user is asked which certificate to use for the new session and, after the selection is done, Firefox uses the selected certificate automatically while the session is active.
Comment 1•15 years ago
Interesting idea with some obvious use cases, but over to PSM for further discussion.
Assignee: nobody → kaie
Status: UNCONFIRMED → NEW
Component: Security → Security: UI
Ever confirmed: true
Product: Firefox → Core
QA Contact: firefox → ui
Version: unspecified → Trunk
Comment 2•15 years ago
See also https://wiki.mozilla.org/PSM:CertPrompt for lots of ideas and details around client auth and multiple certs. We have other open bugs, but haven't been able yet to work on improvements.
Reporter
Comment 3•15 years ago
In my particular case as a user there are two bank accounts managed from the same PC. One added lately. In automatic mode Firefox always takes the newer and the session is broken with an "Invalid certificate" message. It's obvious that fully automatic mode is quite a complicated task. Semi-automatic may be less difficult to accomplish. Sorry if I've written nonsense.
** FIXME FIXME FIXME ** To me, this is more of a *bug* instead of a feature request... Even if just one personal cert is installed, other, potentially unwanted, uninvolved open https tabs will also trigger the authentication request popup. In case of several open tabs, it's easy to accidentally click OK, thus sending the certificate to servers not supposed to get that kind of authentication information. This poses a privacy invasion in cases where such servers usually only get pseudonyms + passwords (e.g. forums), but now are also receiving potentially personally identifiable information - just because of one accidental click. If this also could pose security implications, I can't judge. To help avoid such scenarios in the first place, though, it might help to enable personal certs being pinned to selected servers/domains on the first hit, thus preventing accidentally sending personal authentication information to other servers later on, where not applicable/unwanted. This bug is not exactly NEW anymore... please prioritize this one soon!
Ivan - unless I'm misunderstanding, the current dialog has a checkbox you can check to make Firefox remember that decision for that site for your session. Is this the behavior you're looking for? Or are you saying Firefox should ask what certificate you want to use for every site for a session? fettucini - it sounds like you're either seeing the master password dialog (known issue: bug 177175 etc.) or you're describing the fundamental privacy problem with client certificates (also known issue, but not easily solvable). In any case, this bug will probably not address your concerns.
Flags: needinfo?(drag_on_fly)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
Assignee
Updated•8 years ago
Product: Core → Core Graveyard
Cannot confirm anymore whether the problem was the master password dialog popping up many times, or the sending client cert dialog, back then. What I can confirm is, the problem disappeared shortly after my original comment and it doesn't occur in FF 52.7.