Open Bug 1401466 Opened 6 years ago Updated 3 months ago

Make client certificate dialog tab modal

Categories

(Core :: Security: PSM, enhancement, P3)

People

(Reporter: pabs3, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-clientauth])

Attachments

(2 files)

Having a modal dialog whenever one visits a site that uses client-side certificates is unusable for many users.

The option of automatically selecting the right certificate unfortunately has privacy issues:

https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/

If it worked similarly to how saving passwords does, then it would be much better. A small window in the upper left where users could select "Create new client cert for this site", "Log in with client cert foo {once,automatically}", "Never log in automatically on this site" etc.

Component: General → Security: PSM
Product: Firefox → Core
Priority: -- → P3
Whiteboard: [psm-clientauth]
See Also: → 1617504
Blocks: 616843
Status: UNCONFIRMED → NEW
Ever confirmed: true
See Also: 1617504
Summary: improve the usability of client-side certificates → Make client certificate dialog tab modal
Attached image client-cert-prompt.png

Here is a screenshot of the client cert request prompt.
It is shown in a window with the main browser window as parent.

While it could be tab modal, I'm not sure if it would improve UX much. It certainly can't be abused for DoS attacks by websites, which is good.

As noted in bug 1659119, sometimes this dialog appears detached from the FF window it "belongs" to, and sometimes even as a modal dialog to another FF window. "Tying" it to the originating tab would be very welcome (to the tab only, leaving other tabs in the same window free).
The problem is that, due to the above, the dialog is sometimes not visible, as it is under the actual FF window or somewhere else. So it seems the tab is just hung. Also, all other tabs are hung, as the single network thread is blocked waiting for the dialog to be closed.

Severity: normal → S3