Closed Bug 32878 Opened 25 years ago Closed 25 years ago

Master cert strategy

Categories

(Core :: Security, defect, P3)

VERIFIED FIXED

People

(Reporter: security-bugs, Assigned: security-bugs)

Details

(Whiteboard: Fix in hand)

Need to test scripts signed by the pre-installed AOL/Netscape certificate(s) to make sure they are validated and automatically trusted. Also need to find out if a mechanism is in place for granting trust to new certificate authorities/corporate certs.
Status: NEW → ASSIGNED
Target Milestone: ---
Update: Need to designate a master cert which has all privileges, including the privilege to grant privileges to other certs, and to revoke privileges permanently (the antidote script). Need to make sure a Netscape master cert is installed in the client, but can be changed.
Summary: Test signed scripts using AOL cert → Master cert strategy
Also need APIs accessible through JavaScript for installing and revoking certs.
I have a working implementation of this in my tree. Need to decide what the JavaScript API for this should look like, and where the master "system principal" cert should reside. It used to be the signature on the Java class files...do we have some file in the distribution which should be signed? Or should we just create a .jar file specifically to hold the system principal signature?
Finishing up this code...will be checked in this week.
Whiteboard: Fix in hand
Target Milestone: --- → M16
I realize that mozilla will not automatically trust netscape-signed scripts (according to mstoltz), but I'm wondering if there's a valid reason for mozilla to automatically trust any script. I assume that "automatically" means "without user intervention or notification". Why is this better than allowing the user to intervene and cancel the execution of a script?
I would agree; Mozilla should _maybe_ trust a mozilla.org-rooted chain of certs, but even that seems iffy. Mitch, were you planning on checking this into the Mozilla tree, or just in the Netscape builds?
Sorry if this bug was misunderstood - this is undoubtedly due to the lack of good security documentation. Documentation has taken a back seat to implementation thus far. So, to clarify, Mozilla will _not_ grant trust to any cert without asking the user. Once asked, a user can specify 'Don't Ask Again.' Part of this bug is to make sure that the underlying signature verification code (PSM) correctly accepts certs signed by a recognized cert authority. The other part is to allow a "system certificate" to be installed such that code signed by that certificate can grant privileges to other certificates. Netscape will use this functionality. Mozilla won't have the Netscape certificate pre-installed, so this functionality will be deactivated by default in Mozilla. Users/developers who desire this sort of functionality can install their own system cert. Regardless, it's a small amount of code and I don't think the extra effort required to make it Netscape-only code is justified.
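The trust rules stated in this bug (no trust without asking the user, 'Don't Ask Again', and an optional system cert whose signed code can grant and permanently revoke privileges for other certs), written out as a small policy model. This is an added example, not part of the bug comments and not Mozilla or Netscape code; the class, its methods and the cert and privilege names are hypothetical.

```javascript
// Hypothetical model of the policy in this bug; not Mozilla's API.
class TrustStore {
  constructor(askUser) {
    this.askUser = askUser;   // (certId, privilege) => { allow, remember }
    this.systemCert = null;   // stock default: no master cert installed
    this.granted = new Map(); // certId -> Set of remembered privileges
    this.revoked = new Set(); // permanently revoked certIds
    this.prompts = 0;         // how many times the user was asked
  }

  installSystemCert(certId) { this.systemCert = certId; }

  _isMaster(certId) {
    return this.systemCert !== null && certId === this.systemCert;
  }

  _remember(certId, privilege) {
    if (!this.granted.has(certId)) this.granted.set(certId, new Set());
    this.granted.get(certId).add(privilege);
  }

  // Code signed by signerId grants a privilege to targetId.
  grant(signerId, targetId, privilege) {
    if (!this._isMaster(signerId) || this.revoked.has(targetId)) return false;
    this._remember(targetId, privilege);
    return true;
  }

  // Permanent revocation: later grants and user approvals cannot undo it.
  revoke(signerId, targetId) {
    if (!this._isMaster(signerId) || this._isMaster(targetId)) return false;
    this.revoked.add(targetId);
    this.granted.delete(targetId);
    return true;
  }

  // Decision for a script signed by certId that requests a privilege.
  check(certId, privilege) {
    if (this.revoked.has(certId)) return false;
    if (this._isMaster(certId)) return true; // master cert: all privileges
    if (this.granted.get(certId)?.has(privilege)) return true;
    this.prompts++;
    const { allow, remember } = this.askUser(certId, privilege);
    if (allow && remember) this._remember(certId, privilege);
    return allow;
  }
}
```

With no system cert installed, `grant` and `revoke` always return false, which corresponds to the functionality being deactivated by default.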
OK, that's reasonable. I don't have any problem with the capability: many vendors or deployers may wish to use it, and there are reasonable applications. I just wanted to make sure that Netscape's cert wasn't trusted, by default and without user signalling, in the stock Mozilla. Thanks for the explanation.
Most of the code for this is in. Needs a little tweaking, and we need to install the CPD master cert in the Netscape commercial tree.
CPD cert has been checked in, marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Is there a testcase, so that I can verify this?
Assigning QA to czhang
QA Contact: junruh → czhang
Mitch: How to tell the master cert is in? And what are the JavaScript APIs to change and revoke other certs? Thanks.
Cathy, I'll give you a demo of this today.
verified
Status: RESOLVED → VERIFIED