Open Bug 28975 Opened 25 years ago Updated 2 years ago

Add preference to turn off auto-add of S/MIME senders' certs

Categories

(MailNews Core :: Security: S/MIME, enhancement, P5)

1.0 Branch
enhancement

Tracking

(Not tracked)

Future

People

(Reporter: hecker, Unassigned)

Details

(Whiteboard: [psm-smime] DUPEME)

Today when a user receives an S/MIME signed message the certificate of the
sender is auto-added to the user's personal certificate database. Some users may
prefer that this not be done (just as some might object to auto-adding senders'
email address to their personal address book).

Thus I believe there should be a preference to allow users to turn off
auto-adding of senders' certificates.  This preference might be absolute (never
auto-add) or allow some flexibility (e.g., don't auto-add when reading signed
messages in a newsgroup, but do so for email messages).

If the preference is off (no auto-add) then there should be an alternate way to
get a sender's certificate into the database; for example, this could be done by
clicking on the "signed" icon and following a particular procedure. (Actually,
this may already be implemented -- I haven't checked.)

I believe that for ease of use by novice users the default preference should be
on, i.e., to auto-add by default. This makes it easier for people to get started
sending encrypted messages because they won't have to go through a separate
certificate lookup step if the sender has already sent them a signed message.
Status: UNCONFIRMED → NEW
Ever confirmed: true
This is actually a PSM enhancement; NSS already provides an API that
lets the caller say whether or not to save the certificates when
verifying a signature.  PSM would have to provide the UI and the
management of the associated preference(s) and then pass the appropriate
boolean value when calling NSS to do the signature verification.

So, I was attempting to change the product from NSS to PSM, but
apparently I am not allowed to do that.  Instead, this comment will
have to suffice until lord gets around to reading it and can move
it himself.  (Presumably he has permission? ;-)
I haven't tried it yet, but at least Mozilla should not give us any problems if 
we make the cert database read-only. I do not, and will not, use S/MIME since I 
do not believe in its trust model. I would like to disable it altogether. NC 4.x 
gives all kinds of trouble if you make cert7.db read-only. At least let Mozilla 
not do this.
repka, ask a module owner to get the permission.
Component: Libraries → Client Library
Product: NSS → PSM
This is also part of a larger goal of separating information about trust (CAs, 
trusted web sites), my personal certs/keys, and the s/mime cache.
Component: Client Library → Libraries
Product: PSM → NSS
Perhaps it is part of that larger goal, but I'd prefer to write up that
stuff as a separate "bug", if that is desired, and not try to lump it
all into here.  This is a pretty specific request, and one which could
be implemented without too much trouble as things are today, *without*
a lot of change in underlying infrastructure.  Even in the future world
we will want to do auto-saves of certs, and some people will not want
to do that, so it seems like a valid standalone request to me.

Adding cert-related folks to the cc list due to the controversy.
I just edited repka's bugzilla account so she can now freely edit bugs.
I'll let repka move the bug just to make sure it works.
Assigning to chrisk, and moving to PSM based on Lisa's comments.
Assignee: lord → chrisk
Component: Libraries → Client Library
Product: NSS → PSM
Version: unspecified → 2.0
Status: NEW → ASSIGNED
Changing QA contact to nitinp
QA Contact: lord → nitinp
QA Contact: nitinp → junruh
Setting target to 2.1.
Assignee: chrisk → ddrinan
Status: ASSIGNED → NEW
Target Milestone: --- → 2.1
Keywords: nsenterprise
Moving to future. Since S/MIME is not part of 2.1, there's little need for this.
removing nsenterprise keyword.
Keywords: nsenterprise
Target Milestone: 2.1 → Future
Mass assigning QA to ckritzer.
QA Contact: junruh → ckritzer
QA Contact: ckritzer → junruh
This one should get some attention, as S/MIME is in the Mozilla trunk now.
Blocks: 74157
Component: Client Library → S/MIME
Adding this pref would not be sufficient. Once you add that, you also need a way
to manually import a cert (from a message etc.), to enable the user to compose
an encrypted message to somebody.
*** Bug 171434 has been marked as a duplicate of this bug. ***
There is already a global pref for whether or not to add email addresses to the
address book. I suggest we could re-use the same pref for the decision whether
S/MIME certs from incoming or outgoing mail messages are stored or not.
I don't think that this is a good idea. A user might want to get the email
addresses added, but carefully examine the certs.
QA>Charles
Assignee: ddrinan → kaie
Priority: P3 → P5
QA Contact: junruh → carosendahl
Version: 2.0 → 2.4
jglick: can you please spec a way for users to manually add sender's certs?
Product: PSM → Core
QA Contact: carosendahl → s.mime
Version: psm2.4 → 1.0 Branch
Product: Core → MailNews Core
Assignee: kaie → nobody
Whiteboard: [psm-smime] DUPEME
Severity: normal → S3