Closed Bug 1497154 Opened Last year Closed Last year

Wrong encipherment certificate status - recipient certificate status should not be checked for signing usage, since that only concerns the sender certificate.

Categories

(Thunderbird :: Message Compose Window, defect)


Tracking

(thunderbird_esr60 63+ fixed, thunderbird63 wontfix, thunderbird64 fixed)

RESOLVED FIXED
Thunderbird 64.0
Tracking Status
thunderbird_esr60 63+ fixed
thunderbird63 --- wontfix
thunderbird64 --- fixed

People

(Reporter: chris.m.gaudry, Assigned: chris.m.gaudry)

References

Details

(Keywords: regression)

Attachments

(1 file, 2 obsolete files)

Attached patch msgCompSecurityInfo.js.patch (obsolete) — Splinter Review
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Steps to reproduce:

- Composing a ciphered email using valid encipherment certificates.
- Save it.
- Viewing "Security message" window.



Actual results:

All encipherment certificate statuses are "Invalid".


Expected results:

All encipherment certificate statuses should be "Valid".
Hello,

In the "Message Security" window, all the recipients' encryption certificates always have the status "Invalid", although these certificates are all valid, as is the certificate of the associated CA, and their usages include "Critical" and "Key Encryption".
Indeed, the control performed on the uses of these certificates includes signing and key encipherment, whereas it should only include encryption. The signature of the message only concerns the sender of the message.
Therefore, to resolve this problem, you must remove line 263 from the mailnews/extensions/smime/content/msgCompSecurityInfo.js file, as described in the attached hotfix.

Thank you in advance.
Attachment #9015205 - Attachment is patch: true
Attachment #9015205 - Attachment mime type: text/x-patch → text/plain
Comment on attachment 9015205 [details] [diff] [review]
msgCompSecurityInfo.js.patch

Not a proper HG patch, but we got the message, thanks.

Magnus, this one is for you.
Attachment #9015205 - Flags: review?(mkmelin+mozilla)
Assignee: nobody → chris.m.gaudry
Blocks: 1293378
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Keywords: regression
Summary: Wrong encipherment certificate status → Wrong encipherment certificate status - recipient certificate status should not be checked for signing usage, since that only concerns the sender certificate.
Made that a proper patch.
Thanks for the patch!

I wonder though, what kind of strange certificates are these? How would anybody be able to get them and use them when they are not sent out through signing. It's also bad procedures to send encrypted but unsigned mails.
Attachment #9015205 - Attachment is obsolete: true
Attachment #9015205 - Flags: review?(mkmelin+mozilla)
Attachment #9015486 - Flags: review+
Corrected surname of author.
Attachment #9015486 - Attachment is obsolete: true
Attachment #9015490 - Flags: review+
(In reply to Magnus Melin [:mkmelin] from comment #3)
> Created attachment 9015486 [details] [diff] [review]
> bng1497154_certificate_status_usage.patch
> 
> Made that a proper patch.
> Thanks for the patch!
> 
> I wonder though, what kind of strange certificates are these? How would
> anybody be able to get them and use them when they are not sent out
> through signing. It's also bad procedures to send encrypted but unsigned
> mails.

I'm not sending encrypted unsigned mail, but encrypted AND signed mail.
The problem is not there.

The "Message Security" window only checks for recipients' certificates. These certificates only apply to encipherment.
When you send encrypted and signed mail, you sign with the sender's signing certificate and cipher with all the cipherment certificates (sender+recipient(s)).

The original code only works if each recipient certificate has both signature and cipherment usages.
The good procedure is to separate authentication, signing and cipherment certificates, to be able to remove any of these usages of the user at any time by revoking the corresponding certificate.
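
The two checks discussed in this thread, as an added example that is not part of the bug report, the attached patch or Thunderbird's code. It is a simplified model that looks only at the RFC 5280 keyUsage bits (no chain building or date checks), and all function names and sample certificates are hypothetical.

```javascript
// Added example: a model of the check, not Thunderbird source code.
// Key-usage names are the RFC 5280 keyUsage bits; all other names are hypothetical.
const SIGNER_BITS = ["digitalSignature", "nonRepudiation"];
const RECIPIENT_BITS = ["keyEncipherment", "keyAgreement"];

// A certificate without a keyUsage extension is treated as unrestricted
// (assumption of this model).
function allows(cert, bits) {
  if (cert.keyUsage === undefined) return true;
  return bits.some((b) => cert.keyUsage.includes(b));
}

// Behaviour described in the report: a recipient certificate is shown as
// "Valid" only if it passes for signing AND for encryption.
function recipientStatusBefore(cert) {
  const ok = allows(cert, SIGNER_BITS) && allows(cert, RECIPIENT_BITS);
  return ok ? "Valid" : "Invalid";
}

// Behaviour after the fix: only the recipient (encryption) usage is required.
function recipientStatusAfter(cert) {
  return allows(cert, RECIPIENT_BITS) ? "Valid" : "Invalid";
}

// Signed and encrypted message: the signing usage is checked on the sender's
// signing certificate only; every encryption certificate gets a status.
function messageSecurity(senderSigningCert, encryptionCerts, statusFn) {
  return {
    canSign: allows(senderSigningCert, SIGNER_BITS),
    recipients: encryptionCerts.map((c) => ({ name: c.name, status: statusFn(c) })),
  };
}

// Constructed sample certificates (not taken from the bug).
const senderSign = { name: "alice-sign", keyUsage: ["digitalSignature", "nonRepudiation"] };
const certs = [
  { name: "alice-enc", keyUsage: ["keyEncipherment"] },        // split-usage PKI
  { name: "bob-enc", keyUsage: ["keyEncipherment"] },          // split-usage PKI
  { name: "carol-dual", keyUsage: ["digitalSignature", "keyEncipherment"] },
  { name: "dave-sign-only", keyUsage: ["digitalSignature"] },  // must stay Invalid
];

function statuses(statusFn) {
  return messageSecurity(senderSign, certs, statusFn).recipients.map((r) => r.status);
}

console.log("before:", statuses(recipientStatusBefore).join(", "));
console.log("after: ", statuses(recipientStatusAfter).join(", "));
```

With the combined check, only the dual-usage certificate is reported as valid; with the recipient-only check, the encryption-only certificates pass while a signing-only certificate is still rejected for encryption.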
Yes, I'm not suggesting your usage is wrong. I'm suggesting the recipient certs are odd. 

How did you obtain them, if they weren't obtained by receiving signed mails from these persons?
These certificates are imported from an LDAP directory. These certificates have been generated by a professional PKI for enterprise use.
I see. Kind of defeats the purpose though, doesn't it. Or well, you could secure your internal communications, but anyone outside the eh, ldap access, can't send you encrypted mail.
This is for internal use only (the network is closed for security reasons).
Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/03c827f7c3ac
recipient certificate status should not be checked for signing usage since that only concerns the sender certificate. r=mkmelin
Status: ASSIGNED → RESOLVED
Closed: Last year
Keywords: checkin-needed
Resolution: --- → FIXED
Reported against TB 60, so I guess we should fix it there. So uplift?
Flags: needinfo?(mkmelin+mozilla)
Target Milestone: --- → Thunderbird 64.0
Comment on attachment 9015490 [details] [diff] [review]
bng1497154_certificate_status_usage.patch

Review of attachment 9015490 [details] [diff] [review]:
-----------------------------------------------------------------

Yep
Attachment #9015490 - Flags: approval-comm-esr60?
Flags: needinfo?(mkmelin+mozilla)
Comment on attachment 9015490 [details] [diff] [review]
bng1497154_certificate_status_usage.patch

[Triage Comment]
Attachment #9015490 - Flags: approval-comm-esr60?
Attachment #9015490 - Flags: approval-comm-esr60+
Attachment #9015490 - Flags: approval-comm-beta+