Closed
Bug 32878
Opened 25 years ago
Closed 25 years ago
Master cert strategy
Categories
(Core :: Security, defect, P3)
Core
Security
Tracking
()
VERIFIED
FIXED
M16
People
(Reporter: security-bugs, Assigned: security-bugs)
Details
(Whiteboard: Fix in hand)
Need to test scripts signed by the pre-instaled AOL/Netscape certificate(s) to
make sure they are validated and automatically trusted. Also need to find out if
a mechanism is in place for granting trust to new certificate authorities/
corporate certs.
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: ---
Assignee | ||
Comment 1•25 years ago
|
||
Update: Need to designate a master cert which has all privileges, including the
privilege to grant privileges to other certs, and to revoke privileges
permanently (the antidote script). Need to make sure a Netscape master cert is
installed in the client, but can be changed.
Summary: Test signed scripts using AOL cert → Master cert strategy
Comment 2•25 years ago
|
||
Also need APIs accessible through JavaScript for installing and revoking certs.
Assignee | ||
Comment 3•25 years ago
|
||
I have a working implementation of this in my tree. Need to decide what the
Javascript API for this should look like, and where the master "system principal"
cert should reside. It used to be the signature on the Java class files...do we
have some file in the distribution which should be signed? Or should we just
creae a .jar file specifically to hold the system principal signature?
Assignee | ||
Comment 4•25 years ago
|
||
Finishing up this code...will be checked in this week.
Whiteboard: Fix in hand
Assignee | ||
Comment 5•25 years ago
|
||
Finishing up this code...will be checked in this week.
Target Milestone: --- → M16
Comment 6•25 years ago
|
||
I realize that mozilla will not automatically trust netscape-signed scripts
(according to mstoltz), but I'm wondering if there's a valid reason for mozilla
to automatically trust any script. I assume that "automatically" means "without
user intervention or notification". Why is this better than allowing the user
to intervene and cancel the execution of a script?
I would agree; Mozilla should _maybe_ trust a mozilla.org-rooted chain of certs,
but even that seems iffy. Mitch, were you planning on checking this into the
Mozilla tree, or just in the Netscape builds?
Assignee | ||
Comment 8•25 years ago
|
||
Sorry if this bug was misunderstood - this is undoubtedly due to the lack of good
security documentation. Documentation has taken a back seat to implementation
thus far. So, to clarify, Mozilla will _not_ grant trust to any cert without
asking the user. Once asked, a user can specify 'Don't Ask Again.' Part of this
bug is to make sure that the underlying signature veriication code (PSM)
correctly accepts certs signed by a recognized cert authoritiy. The other part is
to allow a "system certificate" to be installed such that code signed by that
certificate can grant privileges to other certificates. Netscape will use this
functionality. Mozilla won't have the Netscape certificate pre-installed, so this
functionality will be deactivated by default in Mozilla. Users/developers who
desire this sort of functionality can install their own system cert. Regardless,
it's a small amount of code and I don't think the extra effort required to make
it Netscape-only code is justified.
OK, that's reasonable. I don't have any problem with the capability: many
vendors or deployers may wish to use it, and there are reasonable applications.
I just wanted to make sure that Netscape's cert wasn't trusted, by default and
without user signalling, in the stock Mozilla.
Thanks for the explanation.
Assignee | ||
Comment 10•25 years ago
|
||
Most of the code for this is in. Needs a little tweaking, and we need to install
the CPD master cert in the Netscape commercial tree.
Assignee | ||
Comment 11•25 years ago
|
||
CPD cert has been checked in, marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Comment 12•24 years ago
|
||
Is there a testcase, so that I can verify this?
Comment 14•24 years ago
|
||
Mitch:
How to tell the master Cert is in? and what are the javascript APIs to
change and revoke other certs, thanks.
Assignee | ||
Comment 15•24 years ago
|
||
Cathy,
I'll give you a demo of this today.
You need to log in
before you can comment on or make changes to this bug.
Description
•