Open Bug 84213 Opened 19 years ago Updated 16 days ago

S/MIME should not support weak crypto

Categories

(MailNews Core :: Security: S/MIME, enhancement, P2)

enhancement

Tracking

(Not tracked)

People

(Reporter: rrelyea, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-smime])

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.1) Gecko/20010605
Netscape6/6.1b1
BuildID:    N/A

We need a function in the browser which will lock out sending email messages to
certain users or in general which aren't strongly encrypted.

The reason for this is there are some environments where our users need to
securely communicate in countries where their religious and political freedoms
are impaired. These countries  collect email and web data comming through their
firewalls, and weakly encrypted data, or unencrypted data with particular key
words are targetted.

For these cases we need to provide means in which users can ask the browser's
assistance in preventing weakly encrypted or unencrypted data from leaving the
machine.

David, this is really an eClient bug, but I couln't find an eClient component.
Mark it target fix in the future (It's a place holder for when we discuss this
encryption.

Reproducible: Didn't try
target -> future
P2
Priority: -- → P2
Target Milestone: --- → Future
Version: 1.01 → 2.0
Mass assigning QA to ckritzer.
QA Contact: junruh → ckritzer
If this bug is simply requesting S/MIME support in Mozilla MailoNews it should
be duped as bug 74157
This really looks like a dupe of but 74157. Also, alam's test plan should handle
warning dialog testing. http://eclient.mcom.com/qa/emojo/tests/smime/smime_func.html

*** This bug has been marked as a duplicate of 74157 ***
Status: NEW → RESOLVED
Closed: 19 years ago
QA Contact: ckritzer → junruh
Resolution: --- → DUPLICATE
Version: 2.0 → 2.1
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Summary: Future: S/MIME feature enhancement request → S/MIME should not support weak crypto
This is not a dup.  I've changed the title from
S/MIME support in Mozilla Mail
to
S/MIME should not support weak crypto
in order to better spell out the request.
this story gives reasons why S/MIME shouldn't be used at all.
http://wired.com/news/technology/0,1282,7220,00.html
You don't need a distributed attack to crack weak crypto.  One computer is
enough.  I don't see how a well established truth about cryptography in general
invalidates S/MIME.  It should invalidate weak crypto, which this bug is about.
Blocks: 74157
Mass reassign ddrinan's PSM bugs (with his permission) to nobody
Assignee: ddrinan0264 → nobody
Status: REOPENED → NEW
QA Contact: junruh → nobody
Target Milestone: Future → ---
Product: PSM → Core
QA Contact: nobody → ui
Perhaps a configuration option can be added to disable certain smime algorithms. For example, I'd like to disable RC2 algorithm in Thunderbird's S/MIME encryption, because I cannot read RC2 encrypted S/MIME email with KMail or gpgsm.

http://steffenpingel.de/news/archive/2006/mar/05/reading-mails-encrypted-by-thunderbird-with-kmail/

http://www.nabble.com/gpgsm-1.9.22-supports-no-RC2-Algorithm---tf3581426.html
Correcting the bug's component.  Should be S/MIME
Assignee: nobody → kengert
Component: Security: UI → Security: S/MIME
QA Contact: ui → s.mime
Version: psm2.1 → Trunk
File mozilla/security/nss/lib/smime/smimeutil.c
has a map named smime_cipher_map.
It lists all supported S/Mime ciphers and currently has them all enabled.

I propose we introduce a separate preference for each of them.
Then we could consider to disable the weak ciphers by default for TB 3 / SM 1.5

SMIME_RC2_CBC_40
SMIME_DES_CBC_56
SMIME_RC2_CBC_64
SMIME_RC2_CBC_128
SMIME_DES_EDE3_168
SMIME_AES_CBC_128
SMIME_FORTEZZA
Product: Core → MailNews Core
Assignee: kaie → nobody
Whiteboard: [psm-smime]
You need to log in before you can comment on or make changes to this bug.