Open Bug 1401466 Opened 4 years ago Updated 4 months ago

Make client certificate dialog tab modal

Categories

(Core :: Security: PSM, enhancement, P3)

enhancement

Tracking

()

People

(Reporter: pabs3, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [psm-clientauth])

Attachments

(1 file)

Having a modal dialog whenever one visits a site that uses client-side certificates is unusable for many users.

The option of automatically selecting the right certificate unfortunately has privacy issues:

https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/

If it would work similar to how saving passwords does then it would be much better. A small window in the upper left where users could select "Create new client cert for this site", "Login in with client cert foo {once,automatically}", "Never login automatically on this site" etc.
Component: General → Security: PSM
Product: Firefox → Core
Priority: -- → P3
Whiteboard: [psm-clientauth]
See Also: → 1617504
Blocks: 616843
Status: UNCONFIRMED → NEW
Ever confirmed: true
See Also: 1617504
Summary: improve the usability of client-side certificates → Make client certificate dialog tab modal
Attached image client-cert-prompt.png

Here is a screenshot of the client cert request prompt.
It is shown in a window with the main browser window as parent.

While it could be tab modal, I'm not sure if it would improve UX much. It certainly can't be abused for DoS attacks by websites, which is good.

As noted in bug 1659119 , sometimes this dialog appears detached from the FF window it "belongs" to, and sometimes even as a modal dialog to another FF window. "Tying" it to the originating tab would be very welcome. (to the tab only, leaving other tabs in the same window free)
The problem is that due to above the dialog is sometimes not visible, as it is under the actual FF window or somewhere else. So it seems the tab is just hung. Also all other tabs are hung, as the single network thread is blocked waiting for the dialog to be closed.

You need to log in before you can comment on or make changes to this bug.