Closed Bug 427668 Opened 16 years ago Closed 8 years ago

Avoid EV verification when it's not necessary

Categories: Core :: Security: PSM
Type: defect
Priority: Not set
Severity: normal
Status: RESOLVED WONTFIX
People: Reporter: KaiE, Unassigned
References: Depends on 1 open bug

Details

In bug 406755 we've checked in a patch to do EV verification at a very early time, in the AuthCertificateCallback.

This is unnecessary for any sockets (or applications) which don't make use of the EV SSL status bit.

Nelson has proposed that an application should explicitly request that it's interested in EV. Unfortunately, as of today, all crypto related init happens inside the PSM module, which is a module shared between all apps.

So, one could think of the following:
- have a pref value in core crypto, which says "EV is OFF"
- have a pref value in Firefox, which overrides that to "EV is ON"
- have PSM check for that pref at init time, 
  and do or do not perform EV verification during SSL

This is an enhancement for non-web apps.

But still, even in Firefox there might be SSL sockets that are unrelated to SSL. Maybe Chatzilla etc.

Maybe socket construction initiated by protocol specific code (mail, http) should pass in a flag whether EV verification should happen on a socket.
Maybe fixing this bug will become unnecessary once bug 324867 is done and PSM is able to make use of that feature.

Because then the callback could simply make sure all potentially required intermediates are still referenced, and delay EV verification until the application requests it (as it was done prior to the landing of bug 406755 attachment 312419 [details] [diff] [review]).
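The pref-gated, deferred design sketched in this comment, as an added illustration that is not PSM code: the application pref overrides the core default, the certificate callback only keeps the chain referenced, and EV verification runs the first time the EV status bit is requested. The pref name, EV policy OIDs and certificates are constructed.

```python
# Added sketch (not PSM code): prefs decide whether EV is wanted, the
# certificate callback only keeps the chain, and EV verification runs
# lazily the first time an application asks for the EV status bit.
# Pref name, EV policy OIDs and certificates below are constructed.

CORE_PREFS = {"security.ev.enabled": False}   # core crypto default: EV off
FIREFOX_PREFS = {"security.ev.enabled": True}  # browser overrides to EV on

def pref_enabled(name, app_prefs, core_prefs=CORE_PREFS):
    """Application prefs take precedence over the shared core default."""
    return bool(app_prefs.get(name, core_prefs.get(name, False)))

# Constructed EV trust anchors: root subject -> EV policy OID it is trusted for
EV_ROOTS = {"Constructed EV Root": "1.3.6.1.4.1.99999.1.1"}

class Cert:
    def __init__(self, subject, issuer, policies=()):
        self.subject, self.issuer, self.policies = subject, issuer, set(policies)

def verify_ev(chain):
    """Chain is leaf..root. EV requires an EV-trusted root, an unbroken
    issuer link, and the root's EV policy OID asserted by the leaf."""
    if not chain:
        return False
    oid = EV_ROOTS.get(chain[-1].subject)
    if oid is None or oid not in chain[0].policies:
        return False
    return all(c.issuer == nxt.subject for c, nxt in zip(chain, chain[1:]))

class SslStatus:
    def __init__(self, ev_wanted):
        self.ev_wanted, self.chain, self.ev_result, self.ev_runs = ev_wanted, None, None, 0

    def auth_certificate_callback(self, chain):
        # Runs on every handshake: keep the intermediates referenced, do no EV work.
        self.chain = list(chain)
        return True  # ordinary (non-EV) validation assumed done elsewhere

    def get_ev_status(self):
        # Only sockets that want EV pay for it, and only once, on first request.
        if not self.ev_wanted or self.chain is None:
            return False
        if self.ev_result is None:
            self.ev_runs += 1
            self.ev_result = verify_ev(self.chain)
        return self.ev_result

# Constructed chain: leaf -> intermediate -> EV root
CHAIN = [Cert("example.test", "Constructed EV CA", {"1.3.6.1.4.1.99999.1.1"}),
         Cert("Constructed EV CA", "Constructed EV Root"),
         Cert("Constructed EV Root", "Constructed EV Root")]
```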
Depends on: 324867
reassign bug owner.
mass-update-kaie-20120918
Assignee: kaie → nobody
This doesn't seem particularly necessary (there's not too much of a performance hit now that we use mozilla::pkix, and if OCSP fetching is a concern, that can be disabled by a pref).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX