Closed Bug 120939 Opened 23 years ago Closed 23 years ago

Make clear that both encryption and signing certs are required to configure s/mime.

Categories

(MailNews Core :: Security: S/MIME, defect, P3)

Product:
MailNews Core
Component:
Security: S/MIME
Version:
Other Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
psm2.2

People

(Reporter: erl, Assigned: KaiE)

References

Details

(Whiteboard: [adt2 rtm])

Attachments

(1 file, 1 obsolete file)

Updated Patch
8.87 KB, patch
mscott
: superreview+
jud
: approval+
Details | Diff | Splinter Review
I have a certificate identifying me, signed by my bank (Skandiabanken). I normally use it to log into my bank's website, but now I wanted to try to sign E-mails with it. I selected it in my mail account settings, to be used for signing my E-mails. Here is the info displayed when selecting the certificate called "Erland Lewin's Skandiabanken AB ID": Subject: CN=Erland Lewin, OU=Bondegatan 81 4 tr, O=7009070413, L=Stockholm, ST=11634, C=SE Serial Number:0A:D9:93:A1:00:01:00:0D:7A:0C Valid from 2001-08-15 10:51:27 to 2002-08-15 11:01:27 Purposes: Client,Server,Sign,Encrypt Issued by: Subject: CN=SkandiaBanken Internetbank CA01, OU=SkandiaBanken AB, O=SkandiaBanken AB, L=Stockholm, ST=Stockholm, C=SE, E=webmaster@skandiabanken.se When I try to send a signed but not encrypted E-mail to myself, I get an error message saying: "Sending of message failed. You requested to sign this message, but the application failed to find an encryption cert to include in the signed message or the certificate has expired." Normally, I need to specify my password to use the certificate when I log into the website. I don't know if that mechanism might be a problem. I'm running a CVS from yesterday, so it shouldn't be bug #117148.
Do you have proper trust bits set for the issuer of your certificate? You may want to take a look bug 119641.
Thanks for the tip, Antonio. However, it doesn't seem to be a trust problem. My certificate does say 'true' in the 'verified' column under "Your certificates" in the Certificate Manager. It chains up to the "SkandiaBanken Internetbank CA01". That CA is in the list under the "Authorities" tab. When I select it and click 'edit', all three trust settings are checked. What can I do to get more debug info on why the certificate is not being found?
You must set both the signing and encryption certificate part in the Mail/News Account Manager. In your case, the two certs will be the same, but many organizations issues different certs for signing and encryptions, hence the need to have setup for both. The reason why you want to include an encryption certificate when you sign and email is so that your recipient can send you encrypted emails. This should solve your problem.
Priority: -- → P3
Target Milestone: --- → 2.2
Ok, it works when I have specified the certificate for encryption as well (however, this exposed bug #122261). However, it sounds to me like the behaviour should be changed such that specifying an encryption certificate is optional, when only signing a certificate Or the certificate specification dialog should refuse to accept a signing certificate (or at least warn) if an encryption certificate is not specified. Should I create a new bug for this requested change of behaviour?
Both certificates are required by this s/mime implementation. We can make sure that if they are not both setup the feedback is better. Changing summary.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Failure to find certificate when signing E-mail → Make clear that both encryption and signing certs are required to configure s/mime.
Blocks: 74157
S/MIME bugs are automatically nsbeta1 candidates. (this is a bulk update - there may be some adjustment of the list).
Keywords: nsbeta1
Keywords: nsbeta1+
kai nsbeta1-
Assignee: ssaux → kaie
Keywords: nsbeta1, nsbeta1+nsbeta1-
I would like to re-nominate for nsbeta1, because I think I have a simple idea that fixes this bug. I suggest we just add a simple on line explanation to the current email security preferences dialog. Something like: "Note that in order to use E-Mail security, you need to select both signing and encryption certificate." That would "make it clear", won't it?
Keywords: nsbeta1-nsbeta1
QA Contact: alam → carosendahl
Keywords: nsbeta1nsbeta1+
Whiteboard: [adt2 rtm]
OS: Linux → All
Hardware: PC → All
I would like to iterate the different options we have to enhance this dialog. Obviously, our current code is not optimal. It requires to have both certificates configured. Any people don't understand that, not expecting "dual-key certificates", and do not select both. I could imagine many different ways to enforce the configuration, but we do have some constraints. For example, at the time the user brings the mail security preference view to the front, we have a limited amount of options. At that time, we should not automatically check whether the (previously) configured certs are still available, because that might be slow, and it might to ask the user to log in to security devices, both software and hardware. We could have two different fields, a checkbox that says "use same cert for both", and if checked, disable the other cert selection. However, in that case, we would have to also solve the problem, that a cert might be usable only for one purpose, and the UI would have to visualize that, maybe by automatically unselecting the checkbox, and disabling it, so the user can not enable it. But in those cases, where the cert can be only used for signing, this approach would not help at all. Because we would change the UI, enable the second field, and the user would still have to see that and manually select the cert. I rather want to suggest that we leave the two different fields, arranged on the screen as they are currently. But I want to suggest that we help the user by showing additional helper messages. Imagine the following scenario: - user has not yet selected any cert - user presses button to configure signing cert - user selects cert and hits ok At that time I think we should automatically do the following: - check whether the selected cert is usable for encryption, too - check whether there is already a encryption cert selected Dependent on the results, we should show a dynamic message. I'm describing a few different scenarious, the messages I think we should show, and the actions we should take. 1.) If there is not yet a cert for encryption selected, and the selected cert is usable for encryption, show: "Note that before you can use digitally signing, you must also specify a cert that other people can use to send you encrypted email. Do you want to use the same cert for receiving encrypted messages? Yes, No, Cancel." If the user selects Yes, we will automatically configure the cert for the other purpose, too. If the user selects No or Cancel, we will leave the current configuration as is. 2.) If there is not yet a cert for encryption selected, but the selected cert is NOT usable for encryption, show: "Note that before you can use digitally signing, you must also specify a cert that other people can use to send you encrypted email. Do you want configure an encryption certificate now? Yes, No, Cancel." If user selects Yes, we will automatically open up another certificate picker, as if the user hit the "select encryption certificate" button. If the user confirms a cert, it will be configured. If the user cancels the cert selection, no change will be made. If there is no encryption cert available, the user will see an appropriate error message (as implemented with bug 136948). If the user selects No or Cancel, we will leave the current configuration as is. 3.) If there is already a cert configured for encryption, we don't need to remind the user to configure one. If the selected cert is only usable for signing, but not for encryption, it does not make even sense to display any message. However, if the selected cert is usable for both purposes, we should ask whether the user wants to use that newly selected cert for both purposes, and I suggest we ask the user the following: "Do you want to use the same cert for receiving encrypted messages? Yes, No, Cancel." If the user selects Yes, we will automatically configure the cert for the other purpose, too. If the user selects No or Cancel, we will leave the current configuration as is. Note, that we should do another check before opening the message, we should check whether the configured cert for the other purpose is already the same cert. In that case, everything is fine already, and not prompts should be shown. 4.) Sections 1-3 should also be done for the other direction. I.e. if the user selects an encryption cert, we should also check for the signing cert, and should show the approriate messages, as defined by 1-3. Strings ======= If you agree, I see the need for wordings like the following, which will be dynamically combined by the code at runtime into the messages described above. A) Note that before you can use digitally signing, you must also specify a cert that other people can use to send you encrypted email. B) Note that before you can use email encryption, you must also specify a cert that can be used to digitally sign messages. C) Do you want to use the same cert for receiving encrypted messages? D) Do you want to use the same cert for digitally signing email messages? E) Do you want to configure an encryption certificate now? F) Do you want to configure a certificate for digitally signing messages now?
Status: NEW → ASSIGNED
If you agree, I want to implement the above, which will be easy to do. I also suggest two more changes to the wordings of the dialog. First, I suggest we display a message above the cert selection areas, as I describe it in comment 8. Second, I think we should enhance the wording in the Encryption box that is currently "Use the following personal certificate". I saw that people who understand email encryption were confused by that wording. I suggest we use something like: "Certificate to be used for receiving encrypted messages from other people"
Based on kaie's suggestions, I'd like to propose the following text changes to the Mail & Newsgroups Account Settings/Security panel: New text at very top (below the Security heading): "To send and receive signed or encrypted messages, you must specify both a digital signing certificate and an encryption certificate." Text before signatures cert field: "Use this certificate to digitally sign messages you send:" Text before encryption cert field: "Use this certificate to encrypt & decrypt messages sent to you:" Revisions for messages A-F proposed in comment 9: A) Before you can digitally sign messages, you must also specify a certificate for other people to use when they send you encrypted messages. B) Before you can encrypt messages, you must also specify a certificate to use for digitally signing your messages. C) Do you want to use the same certificate to encrypt & decrypt messages sent to you? D) Do you want to use the same certificate to digitally sign your messages? E) Do you want to configure an encryption certificate now? F) Do you want to configure a certificate for digitally signing messages now? Note that help buttons are due to reappear in the Mail & Newsgroup Account Settings dialog (fix is part of bugzilla 129540). Help content for the security panel is already in the builds, but needs updating for these UI changes.
Thanks Sean, I like your wordings, and I'll have a patch ready very soon. But I just noted the following: For sending encrypted messages, we do not require that a signature cert is selected. I therefore suggest to change wording B into a recommendation: B) Before you encrypt messages, you should also specify a certificate to use for digitally signing your messages. Does that sound ok?
Actually, because B) is no longer a requirement, I think the phrase "Before you" is not required. What about: B) You should also specify a certificate to use for digitally signing your messages.
New wording looks fine to me.
Attached patch Suggested Patch (obsolete) — Splinter Review
This patch implements the suggestion and uses Sean's wording.
Just FYI, the patch is incremental to the patch in bug 136948. Only to avoid conflicting patches.
Comment on attachment 83798 [details] [diff] [review] Suggested Patch >+ if (!otherCertInfo.value.length) { >+ if (matchingOtherCert) { >+ var message = gBundle.getString(msgNeedCert) + " " + gBundle.getString(msgWantSame); >+ userWantsSameCert = askUser(message); >+ } >+ else { >+ var message = gBundle.getString(msgNeedCert) + " " + gBundle.getString(msgWantToSelect); >+ if (askUser(message)) { >+ smimeSelectCert(pref); >+ } >+ } >+ } This concatenation of message string may not fly with the localization camp. I'm OK with this since these are 2 separate sentences, but I'm not sure what the localization people would think. r=javi on everything else.
Attachment #83798 - Flags: review+
Attached patch Updated PatchSplinter Review
My intention was to avoid duplicate strings in the string bundle. But Javi explained me (thanks!), that the localization team rather prefers those duplicates, because that way, they have an influence on the sentence structure. This new patch duplicates the strings in the bundle directly, no longer in the code. No other changes.
Attachment #83798 - Attachment is obsolete: true
>At that time, we should not automatically check whether the (previously) >configured certs are still available, >because that might be slow, and it might to ask the user to log in to security >devices, both software and hardware. Patch looks good. I imagine we can fix the delete cert code in the cert manager to blank out the prefs if the cert happens to be configured for signing/encrypting. The user needed to log into the devices to perform the delete anyway, and that is probably the correct location to place the cleanup. The same function could be called from within the reset master password function as well...
Comment on attachment 83811 [details] [diff] [review] Updated Patch just a small question, can we call the const nsX509CertDB: nsX509CertDBProgID or put the word ID in the variable name some where? That might make it easier to recognize what it is when it's used in the code. No need to submit a new patch if you decide to change the name of the variable. code looks great. sr=mscott
Attachment #83811 - Flags: superreview+
Had a chat with Scott, he told me that he meant ContractID, not ProgID. Checked in with variable renamed to nsX509CertDBContractID.
Keywords: adt1.0.0
Marking fixed
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified on 20020520 Trunk Builds. Please add the fixed1.0.0 keyword when this has migrated to branch.
Status: RESOLVED → VERIFIED
adt1.0.0+ (on ADT's behalf) for approval to checkin to the 1.0 branch, pending Driver's approval. After, checking in, please add the fixed1.0 keyword.
Keywords: adt1.0.0adt1.0.0+
Blocks: 143047
changing to adt1.0.1+ for checkin to the 1.0 branch. Please get drivers approval before checking in.
Keywords: adt1.0.0+adt1.0.1+
Keywords: mozilla1.0.1
Attachment #83811 - Flags: approval+
please checkin to the 1.0.1 branch ASAP. once there please remove the mozilla1.0.1+ keyword and add the fixed1.0.1 keyword.
Keywords: mozilla1.0.1mozilla1.0.1+
Checked in to branch
Keywords: fixed1.0.1
Keywords: adt1.0.1+, mozilla1.0.1+
*** Bug 148945 has been marked as a duplicate of this bug. ***
Verified on 20020606 Branch
Keywords: fixed1.0.1verified1.0.1
Product: PSM → Core
Product: Core → MailNews Core
QA Contact: carosendahl → s.mime
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: