Closed Bug 98733 Opened 23 years ago Closed 23 years ago

RFE: Add new security modules via HTTPS page

Categories

(Core Graveyard :: Security: UI, enhancement, P3)

1.0 Branch
x86
Windows 2000
enhancement

Tracking

(Not tracked)

VERIFIED WORKSFORME
Future

People

(Reporter: Bill.Burns, Assigned: ssaux)

Details

Currently you can only install new security modules (i.e. smartcard PKCS#11 drivers) if the new modules are available via a filesystem. I'd like to make this more portable by allowing users to add new security modules over an HTTPS webpage. To reduce the risk of hackers trying to inject rogue security modules, you should not be able to load them over an HTTP connection. Furthermore, if the webserver's SSL server certificate does not chain up to a proper public root certificate already installed in the user's browser, the connection attempt should FAIL and NOT ask the user if they want to "trust the unknown certificate". Right now, javascript on a webpage allows me to add a new PKCS#11 module like this: result = pkcs11.addmodule("ActivCard Gold", "acpkcs.dll", 0, 0); I'd like to see this capability expanded to this: result = pkcs11.addmodule("ActivCard Gold", "https://mothership.example.com/PKCS11_modules/acpkcs.dll", 0, 0); Trying to deploy a security module to a heterogeneous OS population is tricky; especially if anyone has to mount a file system to get the necessary files.
I like the idea but one issue with this is that the dll for the driver may depend on other dlls. For example iButton requires the driver to be installed locally. Having dspkcs.dll available via a URL wouldn't account for the three or four additional dlls installed when Dallas Semi software is properly installed on a box.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Target Milestone: --- → Future
QA Contact: bsharma → junruh
Enhancement.
Severity: normal → enhancement
Version: 2.0 → 2.3
We do have pkcs11.addmodule() closing.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Verified per ssaux' comment.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.3 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.