Closed
Bug 98733
Opened 23 years ago
Closed 23 years ago
RFE: Add new security modules via HTTPS page
Categories
(Core Graveyard :: Security: UI, enhancement, P3)
Tracking
(Not tracked)
VERIFIED
WORKSFORME
Future
People
(Reporter: Bill.Burns, Assigned: ssaux)
Details
Currently you can only install new security modules (i.e. smartcard PKCS#11
drivers) if the new modules are available via a filesystem. I'd like to make
this more portable by allowing users to add new security modules over an HTTPS
webpage. To reduce the risk of hackers trying to inject rogue security modules,
you should not be able to load them over an HTTP connection. Furthermore, if
the webserver's SSL server certificate does not chain up to a proper public root
certificate already installed in the user's browser, the connection attempt
should FAIL and NOT ask the user if they want to "trust the unknown certificate".
Right now, javascript on a webpage allows me to add a new PKCS#11 module like this:
result = pkcs11.addmodule("ActivCard Gold", "acpkcs.dll", 0, 0);
I'd like to see this capability expanded to this:
result = pkcs11.addmodule("ActivCard Gold",
"https://mothership.example.com/PKCS11_modules/acpkcs.dll", 0, 0);
Trying to deploy a security module to a heterogeneous OS population is tricky;
especially if anyone has to mount a file system to get the necessary files.
Assignee | ||
Comment 1•23 years ago
|
||
I like the idea but one issue with this is that the dll for the driver may
depend on other dlls. For example iButton requires the driver to be installed
locally. Having dspkcs.dll available via a URL wouldn't account for the three or
four additional dlls installed when Dallas Semi software is properly installed
on a box.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Target Milestone: --- → Future
Updated•23 years ago
|
QA Contact: bsharma → junruh
Assignee | ||
Comment 3•23 years ago
|
||
We do have pkcs11.addmodule()
closing.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•