Closed Bug 100077 Opened 24 years ago Closed 9 years ago

Implement client-side key-recovery

Categories

(Core Graveyard :: Security: UI, enhancement, P2)

Product:
Core Graveyard
Component:
Security: UI
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: lord, Unassigned)

Details

(Whiteboard: [kerh-ehz])

A CA can be configured to escrow the client's encryption key as a precondition for cert issuance. The escrow process comes complete with UI to get the user's permission to perform this action. The client now needs key recovery capabilities. There should be a way for the client to authenticate itself to the CA and request the automatic fetching of the client's own cert and key. This process should be no more difficult than the initial enrollment.
P2 Target 2.2 So if a ca has an ldap enrollment with key escrow, it would make sense for them to have a ldap key recovery. However wouldn't this make the compromise of an account worse because not only could an unauthorized person obtain a new cert under the compromized account name, he could also get older certs/keys to decrypt old messages. What would be an appropriate thing to do for CAs that separate the request and issuance steps (to allow for the validation of the data provided during the request)? For such CA's the enrollment allows the browser to load the cert because the browser has the private key. but for key recovery, they would not want to have the browser load the cert + private key without the same kind of scrutiny they used during enrollment, but it's harder to ascertain that the browser loading the key/cert is the "authorized" browser.
Priority: -- → P2
Target Milestone: --- → 2.2
The CA should decide the level of verification it requires to hand over a cert and private key. That includes the choice between real-time recovery (more scalable) vs. manual verification (potentially more secure). I would recommend that CAs require a great deal of verification, but it's up to them.
QA Contact: bsharma → junruh
Since it's been a year since the last comment, setting to Future.
OS: Windows 2000 → All
Hardware: PC → All
Target Milestone: 2.2 → Future
Version: 2.1 → 2.4
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody
Mass change "Future" target milestone to "--" on bugs that now are assigned to nobody. Those targets reflected the prioritization of past PSM management. Many of these should be marked invalid or wontfix, I think.
Target Milestone: Future → ---
Product: PSM → Core
Severity: normal → enhancement
Whiteboard: [kerh-ehz]
QA Contact: junruh → ui
Version: psm2.4 → 1.0 Branch
what sort of UI/API does the Browser need to provide?
Version: 1.0 Branch → Trunk
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.