Open Bug 1034030 Opened 11 years ago Updated 3 years ago

let a server/website request for data stored locally to be encrypted

Categories

(Firefox :: General, enhancement)

Product:
Firefox
Component:
General
Version:
17 Branch
Platform:
x86_64
Linux
Type:
enhancement

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: roy_barnard, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131029 Firefox/17.0 (Nightly/Aurora) Build ID: 20131030000816 Steps to reproduce: security enhancement suggestion Provide a method for a HTTPS Web server to iniate a Enterprise Private Browsing mode. Actual results: IF a HTTPS web site header could be recieved by FF which then switched to a Enterprise Browsing mode. Enterprise Browsing would be like Private Browsing but all information Firefox remembers for you would be stored in an encrypted form only. Expected results: Banking and Corporate Web Applications would be more secure. The HTTPS server could confirm that FF understands Enterprise Browser mode and then respond with confidencial information.
Severity: normal → enhancement
Apart from protocol enhancements, I think this would need more details about local stuff.
Component: Untriaged → General
Summary: security enhancement suggestion → let a server/website request for data stored locally to be encrypted
Details about local stuff. PSN (UK gov security) does not like using browser access to mail as this is a security issue with the information left on the browser. So to mitigate this issue (same type of issues as on-line banking when not using "Private Browsing) For example: Browser connects to Webserver using HTTPS (HTTPS would be a prerequisite) and the user authenticates against the Web Server. Web Server informs browser to enter "Enterprise" mode and send a StorageName and encryption key to browser. Web Server caches the Encryption key against the user authentication information for next session. Browser confirms "Enterprise" mode capability with every following transmission (like a cookie) If the Web Server does not recieve the "Enterprise" mode confirmation it errors and no longer provides access to the Web Site. All data handled by the browser is encrypted and help in the StorageName container this would hold: History, browser cache, cookies and localstorage. At the end of the session the Browser drops the "Enterprise" mode Encryption Key leaving the data behind on the browser in an encrypted form. The next time the client connects to the same HTTPS web site and uses the same user account the browser can access the locally encrypted cache. Provides all the benefit of normal browsing (eg caching pages, cookies, history, etc) but only when authenticated against the server. Other users of the same browser would not be abale to access the "Enterprise" mode data stored on as the encryption key would be on the server, users just see a HTTPS website with user authentication. Many Thanks, Roy
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.