Open Bug 638966 Opened 13 years ago Updated 5 months ago

Store the sync key in the system keychain and/or in the NSS keystore/certdb

Categories

(Firefox :: Sync, enhancement, P3)

People

(Reporter: briansmith, Unassigned)

References

(Blocks 2 open bugs)

Details

The Sync key should be stored in the operating system keychain (when available) and/or in the NSS keystore/certdb instead of in the password manager. This was suggested by someone in the Sync team but I forgot who already. This would prevent the user's sync from being deleted when the password manager is cleared. (Presumably, they would still have to re-enter their sync username/password to use sync, right?) Potentially this would also be part of the work which would enable Sync to work even when Firefox is in FIPS mode.

The best place to store the password depends on many factors including: (a) whether the operating system exposes a keychain API accessible to Firefox/Sync, (b) whether the user is (securely) authenticated by the operating system, (c) whether the user uses multiple profiles and/or multiple OS accounts when computers are shared by multiple users, and/or (d) whether the user has a master password set on his Firefox profile.
See also bug 496660.
See Also: → 496660
Blocks: 727206, 553400
Severity: enhancement → normal
It's worth considering this at some point given the amount of interference we're seeing with third-party password managers.
Flags: firefox-backlog+
Priority: -- → P3
Severity: normal → enhancement
Priority: P3 → --
Component: Firefox Sync: Crypto → Sync
Product: Cloud Services → Firefox

We could consider taking a fresh look at this when we come to integrate the Logins storage Rust component, since that'll be making some changes to the current location at which the key is stored.

Priority: -- → P3
Severity: normal → S3