User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:188.8.131.52) Gecko/2009011913 Firefox/3.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:184.108.40.206) Gecko/2009011913 Firefox/3.0.6

Currently there are two options in Tools/Options/Advanced/Encryption
When a server requests my personal certificate:
* Select one automatically
* Ask me every time

Automatic works fine with a single certificate, but with more than one the user has to use the manual option. In the second case, the user is asked to select a certificate at almost every step of a transaction.

Reproducible: Always

Expected Results:
If possible, it would be better if the user is asked which certificate to use for the new session and, after the selection is done, Firefox uses the selected certificate automatically while the session is active.
Interesting idea with some obvious use cases, but over to PSM for further discussion.
See also https://wiki.mozilla.org/PSM:CertPrompt for lots of ideas and details around client auth and multiple certs. We have other open bugs, but haven't been able yet to work on improvements.
In my particular case as a user there are two bank accounts managed from the same PC. One added lately. In automatic mode Firefox always takes the newer and the session is broken with an "Invalid certificate" message. It's obvious that fully automatic mode is quite a complicated task. Semi-automatic may be less difficult to accomplish. Sorry if I've written nonsense.
reassign bug owner. mass-update-kaie-20120918
** FIXME FIXME FIXME ** To me, this is more of a *bug* instead of a feature request... Even if just one personal cert is installed, other, potentially unwanted, uninvolved open https tabs will also trigger the authentication request popup. In case of several open tabs, it's easy to accidentally click OK, thus sending the certificate to servers not supposed to get that kind of authentication information. This poses a privacy invasion in cases where such servers usually only get pseudonyms + passwords (e.g. forums), but now are also receiving potentially personally identifiable information - just because of one accidental click. Whether this could also pose security implications, I can't judge. To help avoid such scenarios in the first place, though, it might help to enable personal certs being pinned to selected servers/domains on the first hit, thus preventing accidentally sending personal authentication information to other servers later on, where not applicable/unwanted. This bug is not exactly NEW anymore... please prioritize this one soon!
Ivan - unless I'm misunderstanding, the current dialog has a checkbox you can check to make Firefox remember that decision for that site for your session. Is this the behavior you're looking for? Or are you saying Firefox should ask what certificate you want to use for every site for a session?
fettucini - it sounds like you're either seeing the master password dialog (known issue: bug 177175 etc.) or you're describing the fundamental privacy problem with client certificates (also known issue, but not easily solvable). In any case, this bug will probably not address your concerns.