Open
Bug 236461
Opened 21 years ago
Updated 2 years ago
Problems importing a PKCS #7 certificate set in Mozilla
Categories
(Core :: Security: PSM, enhancement, P5)
NEW
People
(Reporter: jmanuel.macias, Unassigned)
Details
(Whiteboard: [psm-backlog])
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040303
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040303
We have been testing the behaviour of different browsers
when downloading a PKCS #7 certificate set contained within
a single file in DER format. The file was created as stated
in the man page for openssl's crl2pkcs7 tool:
    openssl crl2pkcs7 -nocrl -certfile newcert.pem \
        -certfile demoCA/cacert.pem -outform DER -out p7.der
The idea is to download several CA certificates at once. We
think the user should be asked for each of the certificates
within the file, because he or she probably won't want to
install all of them.
We tested with Mozilla (latest builds) as well as other
popular browsers (Microsoft Internet Explorer, Opera and
Konqueror were tested).
The only two that seem to have a reasonable behaviour are
Internet Explorer and (maybe) Opera.
The DER file used to make the tests detailed below is
available at:
http://www.rediris.es/pruebas/tacar/
The behaviour of the different browsers is as follows:
- IE 6 downloads the file containing the set of certificates
and spawns the MS Windows Certificate Manager, letting the
user choose which of the certificates to install.
- Opera 7 built-in certificate manager displays all the
certificates within the file, and lets the user install
*all* of them.
- Konqueror launches the KDE Certificate Manager which seems
to have problems displaying the information of the certificates;
if the user chooses the 'install' option, it will install all the
certificates. IMHO, that behaviour is dangerous, since the
user is not being informed of what the browser is going to do.
- Finally, Mozilla -latest tested: Mozilla 1.7b Mozilla/5.0
(X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040303-, only
displays the information for the first certificate, but it
will install all of them if you decide to install the
displayed certificate.
IE 6 approach seems to be the more reasonable, since the
user is asked and is able to choose what to do.
Opera approach is not bad at all, but the user will have to
install all the certificates and then delete those that are
not needed (if it's the case).
Konqueror behaviour is definitively wrong.
Mozilla should improve the way it handles the certificates,
because someone would install additional (undesired?)
certificates while the user is prompted to install only one
certificate.
Reproducible: Always
Steps to Reproduce:
1. Just click on the link provided
Actual Results:
Mozilla certificate manager only displays the first certificate in the set. But
if you install it, all certificates are installed.
Expected Results:
I think Mozilla should display all the certificates within the set.
I remember reading from some document that DER could only contain a single
certificate...
Anyway, I can confirm this. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.6) Gecko/20040113
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Comment 2•21 years ago
adding wtc.. seems like more of nss thing than psm. should this be security
sensitive?
Comment 3•21 years ago
I'm removing the security sensitive flag, because mozilla's behavior is
exactly as designed and intended, and has been essentially the same
ever since Communicator 4.0. It's been documented for about 8 years.
See http://wp.netscape.com/eng/security/comm4-cert-download.html
A PKCS7 file of certs is supposed to contain a single cert chain, not a
collection of potentially unrelated certs.
When downloading a set of certs and trusting it, one is making a fundamental
decision about trust. The idea being put forth by the submitter is that a
given set of certs may contain some trustworthy and some untrustworthy certs.
But in that case, one must conclude that the source of that set of certs is
not entirely trustworthy.
At most, this is a request for enhancement, asking that mozilla impose more
effort on the part of the user in making trust decisions. There is much
debate now (in the mozilla public crypto newsgroup) about whether mozilla
imposes too much or too little responsibility on the end users, and whether
it offers too much or too little info for those decisions. It is widely
observed that most users click through all security dialogs without reading
them. The best solution is probably to give the users fewer decisions to
make, less rope with which to hang themselves.
In any case, this is correctly a PSM bug because it requests UI changes.
If additional NSS APIs are needed, the RFE for those APIs should come from
the PSM developer.
Group: security
Severity: major → enhancement
Hi Nelson,
referring to ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-7.asc I think that multiple
root certificates should be possible within a single PKCS#7 file and be
processed as a sequence of single root certs... The processing of sub-CA certs
is OK.
Cheers
Reimer
Quote:
SignerInfos ::= SET OF SignerInfo
The fields of type SignedData have the following meanings:
[...]
o certificates is a set of PKCS #6 extended
certificates and X.509 certificates. It is
intended that the set be sufficient to contain
chains from a recognized "root" or "top-level
certification authority" to all of the signers in
the signerInfos field. There may be more
certificates than necessary, and there may be
certificates sufficient to contain chains from two
or more independent top-level certification
authorities. There may also be fewer certificates
than necessary, if it is expected that those
verifying the signatures have an alternate means
of obtaining necessary certificates (e.g., from a
previous set of certificates).
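Added example, not part of the bug thread and not Mozilla or NSS code: a standard-library Python walker that lists every certificate in a DER PKCS #7 bundle such as the p7.der from the report, so that all entries, including any additional self-issued roots, can be reviewed before import rather than only the first one. The sample bundle is constructed from skeletal certificates (names only, no keys or signatures), and all function names are illustrative.

```python
# Added example (not Mozilla/NSS code). DER only; names below are illustrative.
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")   # OID 1.2.840.113549.1.7.2
COMMON_NAME = bytes.fromhex("550403")               # OID 2.5.4.3

def children(body):                                 # split DER content into (tag, value)
    out, pos = [], 0
    while pos < len(body):
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:                                # long-form length
            k = n & 0x7F
            n, pos = int.from_bytes(body[pos:pos + k], "big"), pos + k
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def common_name(name):                              # CN from an X.501 Name body
    for _, rdn in children(name):
        for _, atv in children(rdn):
            (_, oid), (_, value) = children(atv)
            if oid == COMMON_NAME:
                return value.decode("utf-8", "replace")
    return "?"

def list_bundle(der):
    """Return (subject CN, issuer CN, self_issued) for every certificate in the set."""
    (_, oid), (_, wrapped) = children(children(der)[0][1])
    if oid != SIGNED_DATA:
        raise ValueError("not PKCS #7 SignedData")
    # certificates is the [0] IMPLICIT member of SignedData
    certs = next((v for t, v in children(children(wrapped)[0][1]) if t == 0xA0), b"")
    rows = []
    for _, cert_body in children(certs):
        tbs = children(children(cert_body)[0][1])
        tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs          # skip optional version
        issuer, subject = tbs[2][1], tbs[4][1]
        rows.append((common_name(subject), common_name(issuer), issuer == subject))
    return rows

# Constructed sample: skeletal certificates (names only, no keys or signatures).
def tlv(tag, *parts):
    body = b"".join(parts)
    size = bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])
    return bytes([tag]) + size + body

def cert(subject, issuer):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(6, COMMON_NAME), tlv(0x0C, cn.encode()))))
    return tlv(0x30, tlv(0x30, tlv(2, b"\x01"), tlv(0x30), name(issuer), tlv(0x30), name(subject)))

cert_set = tlv(0xA0, cert("Sub A", "Root A"), cert("Root A", "Root A"), cert("Root B", "Root B"))
signed = tlv(0x30, tlv(2, b"\x01"), tlv(0x31), cert_set, tlv(0x31))
SAMPLE = tlv(0x30, tlv(6, SIGNED_DATA), tlv(0xA0, signed))
```

`list_bundle(SAMPLE)` returns three rows, two of them self-issued, although a dialog that shows only the first entry would present "Sub A" alone.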
Updated•20 years ago
Assignee: kaie → nobody
Updated•18 years ago
QA Contact: bmartin → ui
Updated•8 years ago
Component: Security: UI → Security: PSM
Priority: -- → P5
Whiteboard: [psm-backlog]
Updated•2 years ago
Severity: normal → S3