Open Bug 170603 Opened 22 years ago Updated 2 years ago

FIPS mode does not prompt for master password reading mail

Categories

(MailNews Core :: Security: S/MIME, defect)

Other Branch
x86
All
defect

Tracking

(Not tracked)

People

(Reporter: carosendahl, Unassigned)

Details

(Whiteboard: [kerh-coz])

See bug 142147 for possible dependencies
Build NSS3.6 Test builds
Problem: While not logged in: In FIPS mode, the user appears to have to be logged in to validate signed messages (or rather to store other people's certs in the cert manager). If the other person's cert already exists in the cert manager, the user is prompted to enter the master password and the signature validation occurs. If the other person's cert is not already present in the cert manager, no master password prompt is displayed, and the signature is displayed as invalid for unknown reasons.
On a side note, if the other person's cert was in the cert manager, and then deleted, even after restarting the application you will be prompted to enter a master password for mail signed by that person. It seems that the invalid/unknown reasons signature message only occurs for other people's certs that have never been in the cert manager when you are not logged into FIPS.
Expected behavior: The user should experience consistent behavior and be prompted to log into FIPS for all messages.
Blocks: fips
*** Bug 180584 has been marked as a duplicate of this bug. ***
Assignee: kaie → nobody
Product: PSM → Core
Whiteboard: [kerh-coz]
QA Contact: carosendahl → s.mime
Product: Core → MailNews Core
This bug will be a little bit of a challenge to verify. According to the report, if the sender's cert has ever validated in the past, TB will correctly prompt for the Master Password. So you'd really want to start with a fresh TB profile to be sure you reproduced the problems. It's a great catch, but an edge case I think.
I don't know if this is related.
Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.9.2.5pre) Gecko/20100504 Lightning/1.0b2pre Lanikai/3.1b2
Every time I restart thunderbird (okay, Lanikai), it says "connecting to <IMAP server>", but doesn't prompt me for a password. I have to go to Edit->Preferences->Certificates->Security Devices->FIPS 140 ... and select Login before it will prompt me for the master password. Only after that will it prompt me for the password for the remote IMAP server. This happens whether I `kill -HUP ...' the thunderbird process (the first time I noticed this) or exit it cleanly.
Bugs which mention FIPS http://mzl.la/1GbIGJT
See Also: → 534444
Severity: normal → S3