Open Bug 1591269 (osclientcerts) Opened 7 months ago Updated 23 days ago

[meta] osclientcerts tracking bug

Categories: Core :: Security: PSM, task, P3

People: Reporter: keeler, Unassigned

References: Depends on 1 open bug

Details: Keywords: meta, Whiteboard: [psm-tracking]

This bug tracks the implementation of the osclientcerts PKCS#11 module that will enable Firefox to use client certificates from the OS.

Blocks: 1120350

Are there plans for Unix?

To my knowledge, there's no stable mechanism to store certificates using a TPM/TrustZone on Linux or the BSDs. Gnome-Keyring can probably be hacked on to do it via trousers [0], but arguably since that produces a PKCS#11 module, it could just be plugged straight into Firefox and "be" this implementation instead of the osclientcerts rust library... but trousers is not actively maintained, and I'm not sure of anything else state-of-the-art in the *nix world for this.

Most distributions install client certs directly into system NSS, which is then used by Firefox, which makes it de facto the OS Client Cert store already.

[0] https://github.com/srajiv/trousers

Alias: osclientcerts

I had opened https://bugzilla.mozilla.org/show_bug.cgi?id=1624317 which is now closed WONTFIX due to the presence of this osclientcerts plan.

I hope that the foundation does decide to address this soon. It's been outstanding for a long time, and I worry that it provides a real attack chain opportunity (infect a "known good" page where users SHOULD unlock their stored certificates, then redirect them somewhere else where they should NOT, but as the one-time-per-session unlock has already been performed, their certificates can then be [ab]used without a password prompt).

I see that it is currently dependent on a bug relating to the level of debugging available from the current interface to Windows OS client certificate storage.
I wonder whether waiting on more-perfect diagnostic information from that module, while retaining the current too-low granularity of control over access to security-critical assets (certificate private key use), is really the right balance.

Thank you.
