PSM:Topics: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
Line 17: Line 17:
Whiteboard: [psm-cert-duplicates]
Whiteboard: [psm-cert-duplicates]


= Error pages for invalid certificates =
== Error pages for invalid certificates ==
 
[psm-cert-error-pages]


= Next =
= Next =

Revision as of 12:24, 6 June 2010

PSM is a code module in the Mozilla platform. Formerly PSM meant "personal security manager", because it was implemented as a separate program. Things have changed long ago, the code is now an internal code module. Encryption technologies (such as SSL and PKI in general) have become a mandatory part of the Mozilla applications.

The PSM acronym may also be described as "Platform Security Module".

(As a reminder, PSM is internal glue code that connects the Mozilla platform code to the external NSS libraries. It's NSS that contains the general purpose implementations for core security protocols, algorithms and much more.

This page lists areas related to PSM code that are not (yet) solved sufficiently.

Certificate Management

Invalid duplicate certificates

The PKI related standard documents for X.509 certificates and certificate infrastructures require that all certificates issued in the world follow a simple rule: The pair of {issuer-certificate-subject-name, serial number} must always be unique.

The implementation of NSS assumes that the world is perfect and no such duplicates exist. Unfortunately, in the real world mistakes are being made, and such duplicates exist. When NSS experiences such duplicates, it will get confused, which may lead to unexpected behaviour. For example, a user's storage or cache of certificates may contain a certificate A, and visiting a website may involve another certificate B, which both have the same {issuer,serial} pair. It may be impossible to visit the website, and the user may not understand the cause (and the Mozilla application will not clearly report the cause). Resolving the situation might require erasing the local storage/cache or asking the website administrator to install a different certificate.

Whiteboard: [psm-cert-duplicates]

Error pages for invalid certificates

[psm-cert-error-pages]

Next