Closed Bug 503664 Opened 15 years ago Closed 8 years ago

in x.509 certificate choice dialogue box, `Remember this choice' should not be automatically checked

Categories

(Core Graveyard :: Security: UI, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: riastradh, Unassigned)

References

Details

(Keywords: uiwanted)

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US) AppleWebKit/525.18 (KHTML, like Gecko, Safari/525.20) OmniWeb/v622.6.1.0.111015
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9.1) Gecko/20090624 Firefox/3.5

I have Firefox configured to prompt me whenever an HTTPS server requests x.509 client credentials. I manage several certificates and often need the choice between them. I furthermore do not want Firefox *ever* to nonrepudiably authenticate my identity to the server without my *express* consent.

In Firefox 3 prior to 3.5, when an HTTPS server requested x.509 client credentials, Firefox would prompt me before it would nonrepudiably authenticate my identity to the server. For the most part, Firefox 3 did what I wanted. (Sometimes the dialogue box would pop out of the wrong window, but that doesn't bother me much.) If Firefox was repeatedly asked for x.509 client credentials when browsing a web site on a badly configured HTTPS server, I could just hit `return' repeatedly, and while this is annoying, it is a problem of the HTTPS server, not of Firefox, and consequently it should be solved on the HTTPS server, not in Firefox. As far as I know, however, Firefox never made nonrepudiable signatures of my identity without my knowledge and express consent.

In Firefox 3.5, in the dialogue box that Firefox pops up for a choice of certificate, there is a checkbox `Remember this decision'. This checkbox is automatically checked. Furthermore, there is no obvious way for me to make Firefox forget the decision, short of restarting Firefox. So if the dialogue box pops up on a web site where I expect exactly sixty-nine of them, I can no longer just hit `return' sixty-nine times; instead I must navigate the cursor to a checkbox, uncheck it, and hit `return', sixty-nine times.

1. The checkbox should not be automatically checked. If a user wants Firefox to remember the decision, and automatically make nonrepudiable signatures of his identity, that should be the user's prerogative, not Firefox's. Personally I want Firefox *NEVER* to make signatures with my private key without my express consent each time. (This holds for any software, for that matter, not merely Firefox.)

2. The information that Firefox remembers should be transparent and editable or removable, in an obvious way. (For example, perhaps next to the `Remember this decision' checkbox, there could be a link `Edit these decisions.' to a configuration panel for editing these decisions.)

Reproducible: Always

Steps to Reproduce:
1. Install Firefox 3.5, configured so that it prompts for certificate choices.
2. Point Firefox at a web site whose HTTPS server requests x.509 client credentials.
3. Profit!

Actual Results:
Firefox opened a dialogue box for a choice of certificate with `Remember this decision' checked. Since I expected the dialogue box, indeed eight of them for this particular web site, I hit `return' by reflex, and immediately thought something was amiss when Firefox did not proceed to prompt me for the remaining seven. Then it registered that the dialogue box was different, and I navigated all over Firefox's preference panes in search of a way to make it forget this decision, in vain.

Expected Results:
Firefox should not have had `Remember this decision' automatically checked.

Component: Security → Security: UI
Product: Firefox → Core
Summary: in x.509 certificate choice dialogue box, `Remember this choice' is broken → in x.509 certificate choice dialogue box, `Remember this choice' should not be automatically checked
Blocks: clientauth
Severity: major → normal
Keywords: uiwanted
OS: Mac OS X → All
Hardware: x86 → All

That checkbox acts on a per-run basis, so if you close and reopen Firefox it should prompt you again. In any case, it's also on a per-site basis, so if you were comfortable identifying yourself to a website with a particular certificate once, it's unclear why it wouldn't be acceptable to identify you every time that site asked again for the rest of that session. The other option is to have Firefox prompt for every single new connection to that site, which is a bad user experience.

Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard