Closed Bug 652579 Opened 14 years ago Closed 8 years ago

Enforce a whitelist of PKCS#11 modules trusted for crypto operations other than client signatures

Component: Core :: Security: PSM (defect)
Priority: Not set; Severity: normal
RESOLVED WONTFIX

Reporter: briansmith; Assignee: Unassigned

(Whiteboard: [psm-smartcard])

Some add-ons install PKCS#11 modules into Firefox to better support client authentication. The side-effect is that these PKCS#11 modules potentially could accidentally or intentionally replace our implementation of any/all crypto operations with their own. This level of extensibility is unnecessary and dangerous. There are only two cases where we need to allow another PKCS#11 module to be used, AFAICT:
(1) Client signatures (SSL client authentication and document signatures)
(2) Some Linux distros (e.g. Red Hat) strip out ECC support from softoken, and the user must use another PKCS#11 module for ECC support.
Ah, this is by design. For NSS there are situations where it's important to replace the softoken implementations, and it is oftentimes quite necessary. There are a number of historical products that do this. This list is primarily operating at the OS level of NSS. All that being said, if the whitelist is restricted to Mozilla's modification of the secmod 'default' parameters, then I think that may be reasonable. A whitelist for *ALL* PKCS #11 modules, or trying to sort out PKCS #11 modules that have been installed outside of Mozilla, would be counterproductive. bob
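The policy the two comments above circle around (a whitelist restricted to the secmod 'default' parameters, with exceptions only for client signatures and for ECC where softoken lacks it) can be checked against an NSS module database. The script below is an added example and is not Firefox, NSS or CCB code. It parses a `pkcs11.txt` module database in NSS's record format (blank-line separated `key=value` records, with the `NSS=` line carrying `slotParams={...=[slotFlags=...]}` and `Flags=...`); the embedded sample file, the library paths, the module names and the allow-list are all constructed placeholders. Whether a module merely holds client-signature keys is not visible in this file, so that exception is represented only by letting an allow-listed module load; what the audit flags is any non-internal module that is not allow-listed, or that is configured as the default provider for mechanism families beyond ECC-when-softoken-lacks-it.

```python
"""Audit an NSS pkcs11.txt module database against an allow-list.

Added example (not NSS/Firefox code). Assumptions: NSS's pkcs11.txt
record format; the sample file, paths, names and allow-list below
are constructed placeholders, not values from any real installation.
"""
import re
from typing import Dict, Iterable, List, Set

# Constructed sample: one internal softoken record and two third-party modules.
SAMPLE_PKCS11_TXT = """\
library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/home/user/.pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags=
NSS=trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,DSA,DH,RC4,DES,AES,SHA1,SHA256,SSL,TLS askpw=any timeout=30] }  Flags=internal,critical

library=/usr/lib64/pkcs11/example-smartcard.so
name=Example Smart Card
NSS=trustOrder=60 cipherOrder=90 slotParams={0x00000001=[slotFlags=ECC askpw=only timeout=0] }  Flags=

library=/opt/vendor/libexample-accel.so
name=Example Crypto Accelerator
NSS=trustOrder=50 cipherOrder=200 slotParams={0x00000001=[slotFlags=RSA,AES,SHA256,RANDOM askpw=any timeout=30] }  Flags=
"""

# Hypothetical allow-list: libraries an administrator has vetted for loading.
ALLOWED_LIBRARIES = {"/usr/lib64/pkcs11/example-smartcard.so"}

SLOT_FLAGS_RE = re.compile(r"slotFlags=([A-Za-z0-9,]*)")
# \b keeps this from matching the "Flags=" inside "slotFlags=".
MODULE_FLAGS_RE = re.compile(r"\bFlags=([A-Za-z,]*)")


def parse_pkcs11_txt(text: str) -> List[Dict]:
    """Parse pkcs11.txt into one dict per module record."""
    modules = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            if "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip()
        nss = fields.get("NSS", "")
        # slotFlags lists the mechanism families this slot becomes the
        # default provider for; that is what a rogue module would abuse.
        default_mechs: Set[str] = set()
        for m in SLOT_FLAGS_RE.finditer(nss):
            default_mechs.update(f for f in m.group(1).split(",") if f)
        flags_match = MODULE_FLAGS_RE.search(nss)
        flags = {f for f in (flags_match.group(1).split(",") if flags_match else []) if f}
        modules.append({
            "name": fields.get("name", "?"),
            "library": fields.get("library", ""),
            "internal": "internal" in flags,
            "default_mechs": default_mechs,
        })
    return modules


def audit(modules: Iterable[Dict], allowed_libraries: Set[str],
          softoken_has_ecc: bool = True) -> Dict[str, List[str]]:
    """Return {module name: [reasons]} for every module violating the policy.

    Internal (softoken) modules are always permitted. Any other module must
    be allow-listed, and may only be the default provider for ECC, and only
    when the local softoken was built without ECC support.
    """
    permitted_defaults = set() if softoken_has_ecc else {"ECC"}
    findings: Dict[str, List[str]] = {}
    for mod in modules:
        if mod["internal"]:
            continue
        reasons = []
        if mod["library"] not in allowed_libraries:
            reasons.append("library not on the allow-list")
        excess = sorted(mod["default_mechs"] - permitted_defaults)
        if excess:
            reasons.append("claims default for " + ",".join(excess))
        if reasons:
            findings[mod["name"]] = reasons
    return findings


if __name__ == "__main__":
    mods = parse_pkcs11_txt(SAMPLE_PKCS11_TXT)
    for name, reasons in audit(mods, ALLOWED_LIBRARIES, softoken_has_ecc=False).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample with `softoken_has_ecc=False`, the smart-card module passes (allow-listed, ECC only) and the accelerator is reported both for not being allow-listed and for taking over RSA, AES, SHA256 and RANDOM; with a softoken that has ECC, the smart-card module is additionally reported for its ECC default. On a real system the same check can be run on the profile's `pkcs11.txt` to see which modules have been made the default for operations that softoken should be handling.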
Again, this is not implemented by an add-on; it is in CCB's "helper package".
Wei, your explanation of CCB's PKCS#11 module made me think about this, but I am not saying that this is actually a problem with CCB's helper package.
Whiteboard: [psm-smartcard]
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX