407828 - Improve comments in security interfaces that embeddors might implement

Status: RESOLVED WORKSFORME

(Core :: Security: PSM, defect, P2)

Description

[Kai Engert (:KaiE:)]

PSM provides interfaces that embedding applications can override.
They are designed to allow applications to use their own chrome.

Some interfaces are designed to give users a choice to review sensitive information and make momentous decisions, like installing a CA cert as trusted or providing a private key to an issuing authority.

This bug proposes to review the existing interfaces and use more obvious comments.

This will prevent embeddors from accidentially using wrong function result values and hopefully will prevent security issues.


The following interfaces might be of interest:

 nsITokenPasswordDialogs,
 nsICertificateDialogs,
 nsIClientAuthDialogs,
 nsICertPickDialogs,
 nsITokenDialogs,
 nsIDOMCryptoDialogs,
 nsIGeneratingKeypairInfoDialogs

There might be other interfaces I'm missing.


Here are some first proposals:

 ConfirmDownloadCACert
   // If an implementation chooses not to implement UI for displaying
   // the cert and asking the user for confirmation,
   // then this function must return PR_FALSE.

 ConfirmKeyEscrow
   // If an implementation chooses not to implement UI that asks the user for 
   // confirmation to hand out the private key, 
   // then this function must return PR_FALSE.

Comment 1

[Daniel Veditz [:dveditz]]

I'm not sure this bug needs to be security-sensitive, although I guess it won't hurt to it that way until Nokia can update their implementation.

Comment 2

[Mike Schroepfer]

Kai will you have time for this before ship?

Comment 3

[Kai Engert (:KaiE:)]

I'm no longer sure this deserves to have a high priority. Nobody else has made the same mistake in the previous 4 years.

Comment 4

[:Cykesiopka]

The PSM IDL documentation is somewhat lacking, but AIUI, nobody really embeds Gecko anymore.
So, we can just fix each IDL one at a time as reasonable.