Bug 292824: Certificate management should be cryptographically secured
Opened 19 years ago, closed 19 years ago
Categories: SeaMonkey :: Security, enhancement
Tracking: Not tracked
Status: RESOLVED EXPIRED
People: Reporter: u20230201, Assigned: dveditz
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050414
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050414

I made a mistake: I read a book about PKI (Public Key Infrastructure) ;-)

Most users, when using TLS or SSL (HTTPS), seem to be happy to know that their data is sent encrypted to some remote endpoint. However, TLS gives you more: know whom you are talking to. The latter is implemented through X509 certificates.

Currently the common browsers come with several "trusted" CA certificates preinstalled. The user may add, modify, or remove those "trusted" certificates. Trust in any certificate is automatically deduced from the base of installed "trusted" CA certificates. (Note that I'm using quotation marks around "trusted".)

Now imagine a two-step virus does the following:

Step 1: Import a new CA certificate of questionable reputation via some trojan to your "trust base".
Step 2: Some program convinces you to visit an HTTPS-protected site (a forgery) to send precious private information (like passwords or credit card numbers).

The browser will fully trust the dubious site's certificate, as there is a bogus trusted CA imported to your "trusted CA base".

If that sounds too far away for you, imagine: <Joe.Programmer@global-player.com>, who is responsible for software installation in a big company, has produced an applet of dubious security (ability to withstand attacks). To avoid any application warnings, he signs his applet with his self-signed certificate, which, in turn, he automatically distributes on PCs in the company. No user will notice that his browser has a new, dubiously trustworthy certificate.

IMHO trust is a matter of personal decision, thus the "trusted base" should be protected at the same level as the password manager (what about the form manager?) protects its data. So if the user chose to protect the passwords via a "master password" (security device), data of similar sensitivity should be protected similarly. If not encrypting the certificate storage, a digital signature (hash) should at least be stored on the security device to recognize tampering with the certificate storage.

I know that there are still enough possible attacks (like installing a modified trojan browser that will always find itself uncorrupted), but increasing protection of sensitive data seems important to me.

Reproducible: Always

Steps to Reproduce: See lengthy description.
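The tamper check proposed at the end of the description, sketched as an added example that is not part of the bug report or of any Mozilla code. It assumes the trust store can be modelled as a mapping from certificate fingerprint to trust flags, and it uses an HMAC keyed from the master password via PBKDF2 in place of a plain hash held on a security device; all function names, the iteration count and the sample entries are constructed for illustration.

```python
import hashlib
import hmac
import json

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint identifying one CA certificate."""
    return hashlib.sha256(der).hexdigest()

def derive_key(master_password: str, salt: bytes) -> bytes:
    # Stretch the master password into a MAC key; the iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 200_000)

def canonical(store: dict) -> bytes:
    # Sorted JSON gives an unambiguous encoding that ignores insertion order.
    return json.dumps(sorted(store.items()), separators=(",", ":")).encode()

def seal(store: dict, key: bytes) -> bytes:
    """Tag kept next to the store; recomputing it requires the master password."""
    return hmac.new(key, canonical(store), hashlib.sha256).digest()

def verify(store: dict, key: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(seal(store, key), tag)

def run_scenarios() -> dict:
    salt = b"constructed-salt"  # constructed; a real profile would use os.urandom(16)
    key = derive_key("constructed master password", salt)
    # Constructed trust store: fingerprint -> trust flags.
    store = {fingerprint(b"constructed CA A"): "ssl,email",
             fingerprint(b"constructed CA B"): "ssl"}
    tag = seal(store, key)

    added = dict(store)
    added[fingerprint(b"constructed unknown CA")] = "ssl"  # CA imported without the user
    modified = dict(store)
    modified[fingerprint(b"constructed CA B")] = "ssl,email,objsign"  # trust widened
    removed = {fingerprint(b"constructed CA A"): "ssl,email"}
    reordered = dict(reversed(list(store.items())))

    return {
        "untouched": verify(store, key, tag),
        "reordered": verify(reordered, key, tag),
        "added": verify(added, key, tag),
        "modified": verify(modified, key, tag),
        "removed": verify(removed, key, tag),
        "wrong_password": verify(store, derive_key("guess", salt), tag),
    }

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:15} {'verified' if ok else 'rejected'}")
```

Because the tag is keyed, a process that can write the store file but does not know the master password cannot produce a matching tag for its altered store.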
Comment 1•19 years ago
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox: http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey: http://www.mozilla.org/projects/seamonkey/
Comment 2•19 years ago
This bug has been automatically resolved after a period of inactivity (see above comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → EXPIRED