Closed Bug 184947 Opened 22 years ago Closed 16 years ago

Password manager should be able to use other third party PKCS #11 Modules

Categories

(Core :: Security: PSM, enhancement)

Product:
Core
Component:
Security: PSM
Platform:
x86
Windows XP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: raccettura, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130

Password manager should be able to use other third party PKCS #11 Modules
installed by the user, rather than just the default internal module.

Would be a great enhancement because it would allow Mozilla to be infinately
secure.  IBM has the "Embedded Security Chip Enhanced PKCS #11 Module" which
would be real nice to use instead of the included module.

IBM's allows fingerprint scanners, and uses the onboard security chip.  Much
more secure.

I'm sure there are other third party modules that people would like to use.



Reproducible: Always

Steps to Reproduce:
Reassigning unconfirmed form and password manager bugs to the new owner
Assignee: morse → dveditz
Any chance on this?
There are no dups that I can see for this.
Status: UNCONFIRMED → NEW
Ever confirmed: true
I would not consider this a simple enhancement but at least a minor loss of
function...
Product: Browser → Seamonkey
This would apply to Firefox and Thunderbird as well (and probably even before)
Seamonkey. Moving over. 

Dan, what are the chances of something like this happening?
Component: Password Manager → Security: CAPS
Product: Mozilla Application Suite → Core
The way that current single sign on systems are trying to access Firefox password fields is through MSAA. This is Windows only. In the case of Verisoft which comes with HP, it's not working or causing crashes and other problems.

I believe that is what is happening in bug 275114.
i'm sorry. pkcs11 modules let you store certificates, how would one expect the password manager to use them to store anything else?
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
I'm sorry. But does not anyone read the what a bug is about before marking it invalid and resolved??? I strongly get the impression that lately the main objective of reviewers is to get rid of bugs as quickly as possible even for the most formal reasons like mentioning "password manager" in conjuction with support of pkcs11 modules. This gets so annoying.

I have opened the bug 7 years ago. It is not my fault that at that time the security devices for netscape where configured in the password manager. If you would read the description you would notice that it is not about storing passwords.

Moreover, the built-in pkcs11 module offers generic crypto services and the software security device. It does not only store certificates.

So it does not matter what pkcs11 does or not or in which component it is configured in Firefox or anything else. External PKCS11 modules should be properly supported. That is what this bug is about. If someone has PKCS11 compatible crypto hardware it should be possible to use it for cryptographic services and to store certificates. 

This bug is neither invalid nor resolved. The only invalid thing is to close this bug invalid resolved.
(In reply to comment #8)
> lately the main objective of reviewers is to get rid of bugs as quickly as
> possible [...]. This gets so annoying.

Yes it does. If there were more people helping triage open bugs (hint hint) they could afford to spend more time understanding each one and hopefully run less risk of misunderstanding

> I have opened the bug 7 years ago.

You did? Looks like raccettura did, six years ago.

> External PKCS11 modules should be properly supported. That is what this bug
> is about. If someone has PKCS11 compatible crypto hardware it should be
> possible to use it for cryptographic services and to store certificates.

Mozilla clients fully support external PKCS11 modules for cryptographic services and storing certificates. For details or if you're having trouble integrating one please see the gurus in the mozilla.dev.tech.crypto newsgroup.
Assignee: dveditz → nobody
Component: Security: CAPS → Security: PSM
QA Contact: tpreston → psm
(In reply to comment #9)
> > External PKCS11 modules should be properly supported. That is what this bug
> > is about. If someone has PKCS11 compatible crypto hardware it should be
> > possible to use it for cryptographic services and to store certificates.
> 
> Mozilla clients fully support external PKCS11 modules for cryptographic
> services and storing certificates. For details or if you're having trouble
> integrating one please see the gurus in the mozilla.dev.tech.crypto newsgroup.

That's great. But then the status of this bug should be resolved fixed and not resolved invalid. Can't be really invalid if the requested feature has actually been implemented by now.
You need to log in before you can comment on or make changes to this bug.