Closed Bug 1123178 Opened 10 years ago Closed 7 years ago

[email] Investigate/consider adding a specific error for the SecurityCertificateDomainMismatchError error where the domain might be valid (but accounting for attack potential)

Categories

(Firefox OS Graveyard :: Gaia::E-Mail, enhancement)

x86_64
Linux
enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: asuth, Unassigned)

In bug 1121455 the issue was raised that we could do better in the situation where there's an SSL/TLS domain name mismatch.  Assuming we can be sure that the exception means that NSS has fully validated the certificate to be valid for a domain other than our own (and therefore not a self-signed certificate or using a custom CA), we could provide a hint to the user that maybe they should double-check their settings.

From a security perspective, even if we could tell the user what domains the certificate thinks it is valid for, it's not clear that's a good idea, *especially* if we provided an option to autofill it.  But maybe that's paranoia.  The concern would be some combination of the following factors:

- The attacker is able to get a valid certificate for a domain that is close enough to the existing domain, to the name of the company that is actually used for hosting, or just a plausible name used for hosting.

- Our UI is vulnerable to presentation attacks where overflow or line-folding or other bugs can cause a domain to look valid that is not.  In theory domain name rules and perhaps CA rules may limit the potential risk here.  The big concern would be automated CAs that sign simply on the basis of domain name hierarchy.  For example, I believe Mozilla will 'bless' a domain name registrar's custom root domain to also act as a CA for only domains under its root.  So the ".foo" registrar could also hand out certs, etc. etc.

A candidate string that would then be low risk might be: "The server has a valid certificate for a different domain name than 'thing.you.typed'.  Please check with your mail provider for the correct settings, especially if your mail address is at a custom domain.  (One not owned by the mail provider.)"
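
The decision described in this report, as an added Node.js example that is not part of the original bug or of the Gaia e-mail code: the hint is shown only when the chain is trusted and the name does not match, and the message never echoes a name taken from the certificate. The function names, the `chainTrusted` flag, and the sample hostnames are assumptions made for illustration; `tls.checkServerIdentity` stands in for the platform's own hostname check.

```javascript
const tls = require('node:tls');

// Constructed sample certificates (not real), shaped like the object returned
// by tls.TLSSocket#getPeerCertificate().
const CERT_MATCHING = {
  subject: { CN: 'imap.example.org' },
  subjectaltname: 'DNS:imap.example.org',
};
const CERT_OTHER_DOMAIN = {
  subject: { CN: 'mail.hosting.example' },
  subjectaltname: 'DNS:mail.hosting.example, DNS:*.hosting.example',
};

// Adapted from the candidate string in the bug. Only the host the user typed
// is interpolated; no name read from the certificate is ever shown.
function mismatchHint(typedHost) {
  return 'The server has a valid certificate for a different domain name ' +
    `than '${typedHost}'. Please check with your mail provider for the ` +
    'correct settings.';
}

// chainTrusted is an assumption: the caller's verdict that the chain validated
// against the built-in roots (false for self-signed or custom-CA chains).
function classifyCertFailure(typedHost, peerCert, chainTrusted) {
  if (!chainTrusted) {
    // Names in an untrusted certificate are unverified, so give no hint.
    return { kind: 'untrusted', message: 'The server certificate is not trusted.' };
  }
  // Returns undefined on a match, otherwise an Error describing the mismatch.
  const err = tls.checkServerIdentity(typedHost, peerCert);
  if (err === undefined) {
    return { kind: 'ok', message: null };
  }
  return { kind: 'domain-mismatch', message: mismatchHint(typedHost) };
}

console.log(classifyCertFailure('imap.example.org', CERT_OTHER_DOMAIN, true));
```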

Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX