Open Bug 1879263 Opened 1 year ago Updated 13 days ago

Misleading warning for expired S/MIME certificate: "untrusted CA"

Categories

(MailNews Core :: Security: S/MIME, defect)

Thunderbird 115
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: Ralf-mozilla.org, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0

Steps to reproduce:

Revisited an "old" message I sent that was sitting in "Sent" folder. That message was digitally signed with a now-expired S/MIME certificate.

Actual results:

TB displayed the red triangular warning icon for S/MIME on the right-hand side of the "Reading" pane, and when I clicked on it, it displayed the message: "Digital Signature is not valid. The certificate used to sign the message was issued by a certificate authority that you do not trust for issuing this kind of certificate."

Expected results:

The warning is misleading, strictly speaking even wrong. The CA is actually trusted, but my certificate (whose corresponding private key I used to sign the message) is expired meanwhile. So it should have said something like "The certificate used to sign the message is expired, but the digital signature itself is valid."

(Technically the certificate is not used to sign the message, but the corresponding private key, but I think most non-technical people would phrase it like this and be confused if you speak about a "private key"...)

Component: Untriaged → Security: S/MIME
Product: Thunderbird → MailNews Core
Type: enhancement → defect

Yes, the experience for that should get improved, but we haven't gotten to it yet, and no final agreement has been reached on what would be best to say here.

One problematic detail is that we no longer know whether the certificate was already revoked at signing time, and we can no longer find out, because after expiration, CAs are no longer publishing old revocation information.

(In reply to Kai Engert [:KaiE:] from comment #1)

> One problematic detail is that we no longer know whether the certificate was already revoked at signing time, and we can no longer find out, because after expiration, CAs are no longer publishing old revocation information.

Somehow there seems to be confusion, not sure whether it's me who is misunderstanding anything or you?

It's not about a revoked certificate, but about an expired one.

In my understanding TB should be able to determine the time when the signature was created, and the time when the certificate expired (provided the old keypair is still in TB's keyring). So it would be able to tell that it was signed with a "trusted" certificate ("signed by a trusted CA"), but that the certificate has expired meanwhile (which doesn't make the signature on the email invalid), and that the signature on the email is valid nevertheless.

I hope I've summarized my reasoning well? Please let me know if it's still unclear.

Many thanks for looking into this.

I understand that your certificate is expired, not revoked.

The problem is, we can no longer find out whether it had ever been revoked.

That means, in theory, it could have been revoked. And if it had been revoked, it would be wrong to say a signature created with that certificate in the past is valid - because in theory, the certificate might have been revoked before that date.

I think when we know it's at least expired, we should say that. That it would be revoked seems generally unlikely.
Also, the message reported is still wrong according to comment 0 - it has nothing to do with the CA authority.

(In reply to Kai Engert [:KaiE:] from comment #3)

> I understand that your certificate is expired, not revoked.
>
> The problem is, we can no longer find out whether it had ever been revoked.
>
> That means, in theory, it could have been revoked. And if it had been revoked, it would be wrong to say a signature created with that certificate in the past is valid - because in theory, the certificate might have been revoked before that date.

I see your point, but does it really make sense to perform such reasoning?

Should the assessment of the signature not just be done based on the certificate "on file", disregarding such peculiarities?

TB could even issue a warning that includes a disclaimer like "(but the certificate could have been revoked after the signature was created)"?

(In reply to Magnus Melin [:mkmelin] from comment #4)

> Also, the message reported is still wrong according to comment 0 - it has nothing to do with the CA authority.

Indeed. That was actually my main point. ;-)

(In reply to Ralf G. R. Bergs from comment #5)

> TB could even issue a warning that includes a disclaimer like "(but the certificate could have been revoked after the signature was created)"?

This seems reasonable to me. The user can then use context to evaluate whether they think it's conceivable it was revoked or not.
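The wording policy the thread converges on (judge the certificate at signing time, report expiry separately from CA trust, and add the revocation caveat when no status is obtainable), as an added illustration that is not Thunderbird or NSS code. The `SignerCert` type, the `Revocation` enum and all dates are constructed for the example; the signing time stands for the signer-asserted CMS signingTime attribute.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Revocation(Enum):
    GOOD = "good"        # current CRL/OCSP answer says not revoked
    REVOKED = "revoked"
    UNKNOWN = "unknown"  # no answer obtainable, the usual case once the cert has expired


@dataclass
class SignerCert:
    not_before: datetime
    not_after: datetime
    chains_to_trusted_ca: bool


def describe_signature(cert, signing_time, now, revocation, signature_ok):
    """Return (accepted, message), judging the signing certificate's validity
    window at signing_time rather than at now. signing_time is the
    signer-asserted CMS signingTime attribute: evidence, not proof, of when
    the signature was made, so it only affects wording, never trust in the CA."""
    if not signature_ok:
        return False, "Digital Signature is not valid. The message content was modified."
    if not cert.chains_to_trusted_ca:  # the only case the 'untrusted CA' wording fits
        return False, ("Digital Signature is not valid. The certificate used to sign the "
                       "message was issued by a certificate authority that you do not trust.")
    if revocation is Revocation.REVOKED:
        return False, "Digital Signature is not valid. The signing certificate has been revoked."
    if not cert.not_before <= signing_time <= cert.not_after:
        return False, ("Digital Signature is not valid. The signing certificate was not "
                       "valid at the time the message was signed.")
    if now > cert.not_after:
        msg = ("The certificate used to sign the message has since expired, "
               "but the digital signature itself is valid.")
        if revocation is Revocation.UNKNOWN:
            msg += (" Revocation information is no longer published for expired "
                    "certificates, so a revocation cannot be ruled out.")
        return True, msg
    return True, "Digital Signature is valid."


def reporter_scenario():
    """Constructed dates for the case in comment 0: signed while valid, read after expiry."""
    utc = timezone.utc
    cert = SignerCert(datetime(2021, 1, 1, tzinfo=utc), datetime(2023, 1, 1, tzinfo=utc), True)
    signed_at = datetime(2022, 6, 1, tzinfo=utc)
    read_at = datetime(2024, 2, 8, tzinfo=utc)
    return describe_signature(cert, signed_at, read_at, Revocation.UNKNOWN, True)
```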
