1183716 - Client SSL certificate dialog always checks "Remember this decision"

Status: REOPENED

(Core :: Security: PSM, defect, P3)

Description

[Gene Wood [:gene]]

When browsing to a website that uses SSL/TLS client certificates for authentication, if the Firefox profile has multiple client certificates applicable to that site, Firefox brings up a selection dialog to choose the cert. The dialog has a check box to remember this decision (and not prompt for the client cert in the future).

If you uncheck the "Remember this decision" checkbox and choose a certificate, the next time you browse to that site it again checks the box by default.

If a user goes to a site and asks to not remember the client cert that they're using (likely because they use multiple client certs in different situations), it would be nice if the default for this checkbox then switched to unchecked.

As it is, every time the user goes to the site they have to uncheck the checkbox to ensure that they can choose their certificate next time they log in.

Would it be possible to change the default to be either checked if the site user has never encountered this dialog before and is logging into the site for the first time, or unchecked if the user has interacted with the dialog before and not checked the checkbox?

Comment 1

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Some people are going to be unhappy with whatever the default is, so I don't think this is worth changing.

Comment 2

[Gene Wood [:gene]]

:keeler, I think I didn't explain my thought clearly. I'm not suggesting changing the default from checked to unchecked (which is stored in the security.remember_cert_checkbox_default_setting pref https://dxr.mozilla.org/mozilla-central/source/security/manager/pki/resources/content/clientauthask.js#39 ), I'm suggesting we honor the user's intent when they express it (by unchecking the box) and allow them to deviate from the default each time they visit a given site.

Currently if a user visits a site and the pref (security.remember_cert_checkbox_default_setting) value (either the checked(default) or unchecked) is the setting they desire, the browser honors this by either not prompting them again if the value is "Remember this decision" or by defaulting to unchecked if the value is *not* "Remember this decision". This I think is the right behavior since it assumes that the user will want to continue making the same choice over time for that site.

The problem is that currently if a user visits a site and the pref value is *not* the setting that they want we end up with 2 different scenarios, one good and one bad :

Scenario 1 : pref is set to false (because they went into about:config and changed it from the default of true to false)
User gets the "Remember this decision" the first time and it's unchecked (because of the pref). The user wants to remember this choice so they check the box. The next time the user comes back they aren't prompted which is what the user's intent was (which is why they checked the box)

Scenario 2 : pref is set to true (the default pref value in about:config)
User gets the "Remember this decision" the first time and it's checked (because of the pref). The user *does not* want to remember this choice so they uncheck the box. The next time the user comes back the user is again prompted if they want to "Remember this decision" with a default of checked. This does not follow the intent the user expressed the last time they came to this dialog box which was to *not* "Remember this decision"


It looks like the current behavior is that all sites start out by defaulting to "don't remember"

https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsNSSIOLayer.cpp#87

Then when the dialog is displayed, the checkbox is set to the global default of "do remember"

https://dxr.mozilla.org/mozilla-central/source/security/manager/pki/resources/content/clientauthask.js#39

And the value of the checkbox is recorded as a boolean

https://dxr.mozilla.org/mozilla-central/source/security/manager/pki/resources/content/clientauthask.js#119
https://dxr.mozilla.org/mozilla-central/source/security/manager/pki/nsNSSDialogs.cpp#230

One approach would be to store an int (or something with more than 2 values) instead of a boolean in this field. The values would be something like
* 0 : do not remember
* 1 : remember
* 2 : do not remember per user choice

Then when the checkbox value is submitted, compare it to the pref(security.remember_cert_checkbox_default_setting) setting to determine if the user made a choice or left the checkbox as it was. If the selected value (either checked or unchecked) differs from the current pref and the users choice was "do not remember", then store the value of 2.

Then when the dialog is displayed the next time, only default to the pref value as long as the site hasn't been set to a value of 2. If the site's set to 2 then set the default to "do not remember"

It looks like :dmose or :kaie might have some context on this feature based on Bug 431819

Comment 3

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Sorry Gene, I didn't read your original comment thoroughly enough. If I'm understanding what you're getting at, I think it would be a useful change. Just to make sure I'm on the same page, though, do you think it would be sufficient to a) continue to have a (configurable) default but b) remember what state the user left the checkbox in and use that for the next prompt? (Ideally this would be on a per-site basis, I guess.)

Comment 4

[Gene Wood [:gene]]

> do you think it would be sufficient to a) continue to have a (configurable) default but b) remember what state the user left the checkbox in and use that for the next prompt? (Ideally this would be on a per-site basis, I guess.)

Ya, if it were per site that sounds ideal.