PSM:Topics

From MozillaWiki
Latest revision as of 19:44, 9 July 2010

PSM is a code module in the Mozilla platform. Formerly PSM meant "personal security manager", because it was implemented as a separate program. That changed long ago: the code is now an internal code module, and encryption technologies (such as SSL and PKI in general) have become a mandatory part of the Mozilla applications.

The PSM acronym may also be described as "Platform Security Module".

(As a reminder, PSM is internal glue code that connects the Mozilla platform code to the external NSS libraries. It's NSS that contains the general purpose implementations for core security protocols, algorithms and much more.)

This page lists areas related to PSM code that are not (yet) solved sufficiently.

Tags listed in [] brackets can be found in the status whiteboard of related bugs at bugzilla.mozilla.org

Grouped by importance

New unconfirmed bug reports

We have lots of new incoming bug reports which have not yet been triaged.

Any help to reduce the queue is welcome!

Fatal issues like crashes, deadlocks, dataloss

We have bugs that may cause fatal misoperation, crashes, deadlocks or dataloss.

[ psm-fatal ]

Issues related to vulnerabilities

This includes both potential vulnerabilities and those which have been made public already.

[ psm-cve ]

Roadblocks

Some bugs make it very difficult for users to use the PSM features, frustrate users, and may have the effect that people want to avoid security features.

[ psm-roadblock ]

Architecture level tasks

This is where we need to design new base solutions and services that can later be used for functionality or simplified engineering, usually requiring new interaction between PSM and other modules.

[ psm-arch ]

Failing Builds or Failing Tests

Issues related to tinderbox test or build failures.

[ psm-build ]

Code inconsistencies, Assertion failures, Memory leaks

These are errors that have been detected in the code, like reports about assertion failures, memory leaks, or other mistakes that have been identified through code inspection.

[ psm-logic ]

Minor issues and easy improvements

This is for issues that request to fix a typo, a simple polish level improvement, or keyboard shortcuts, etc., but don't affect correctness of functional behaviour. It also includes easy code cleanup and minor improvements which are obviously simple and straightforward to implement. We just need someone to help get it done.

[ psm-easy ]

Policy issues

This is for requests or issues that would require a policy change. For example, today our product deliberately behaves in a given way, and today we believe it's the right thing to do. However, this might change in the future, or after intensive discussions.

[ psm-policy ]

Grouped by functional area

Improve Secure authentication

This is for issues and feature requests around protocol based authentication against Internet sites (instead of having a web form, you authenticate using a mechanism that is implemented in a communication protocol, with the user interface provided by the application itself, often called Chrome).

[ psm-auth ]

SSL client authentication

This is one area where we'd like all Mozilla applications to improve (not limited to browser applications, but including email protocols etc.).

See also

  • http://kuix.de/mozilla/sslauth/
  • http://kuix.de/mozilla/sslauth/cli-v1-pres/
  • http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/fb6e52c772b7db42
  • PSM:CertPrompt

Tracked from meta bug 159274.

Issues around the usability of Smartcards

PSM comes with a "software security device", which could be seen as a virtual smartcard, simulated using files stored in the user's directory. Certificates are accessed using the pkcs#11 interface. Physical smartcards can be used to provide similar functionality. This category is for issues where smartcards don't work right.

[ psm-smartcard ]

Issues around CRLs (Certificate Revocation Lists)

[ psm-crl ]

Master Password

Issues related to the master password. This list includes the annoying multiple prompts on startup.

Tracked from meta bug 570421.

Padlock and mixed content (in the browser) issues

PSM is responsible for producing the correct security state of a web page, which has historically been displayed using a padlock (solid, broken or absent), and which more recently is being shown using URL bar background colors, and confirmed site name or identity indicators to the left of the URL bar.

This section is for issues where the displayed state is different from the actual content.

[ psm-padlock ]

TCP/IP issues

Issues related to the socket level communication and SSL/TLS protocol level logic.

[ psm-tcpip ]

OCSP issues

Problems that occur because OCSP is enabled, in either default mode or strict mode. Tracked in meta bug 157555.

TLS intolerance detection and automatic recovery

Some servers misbehave when a client connects using modern TLS protocol versions. PSM tries to handle this gracefully, but there are scenarios where it doesn't work right. Tracked in meta bug 239381.

Certificate Management

Web based enrollment

This is for issues related to PSM web content integration:

  • HTML tag <KEYGEN>
  • JavaScript function crypto.generateCRMFRequest

[ psm-enroll ]

Invalid duplicate certificates

The PKI related standard documents for X.509 certificates and certificate infrastructures require that all certificates issued in the world follow a simple rule: The pair of {issuer-certificate-subject-name, serial number} must always be unique.

The implementation of NSS assumes that the world is perfect and no such duplicates exist. Unfortunately, in the real world mistakes are being made, and such duplicates exist. When NSS experiences such duplicates, it will get confused, which may lead to unexpected behaviour. For example, a user's storage or cache of certificates may contain a certificate A, and visiting a website may involve another certificate B, which both have the same {issuer,serial} pair. It may be impossible to visit the website, and the user may not understand the cause (and the Mozilla application will not clearly report the cause). Resolving the situation might require erasing the local storage/cache or asking the website administrator to install a different certificate.

[ psm-cert-duplicates ]
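The following is an added example, not PSM or NSS code: it performs the {issuer, serial} uniqueness check described above over a small certificate store, so that colliding entries (a cached certificate A and a website certificate B) are reported instead of silently confusing the library. The certificates are constructed DER skeletons (not real or signed certificates), and the parser walks only the leading fields of TBSCertificate.

```python
# Added example, not PSM/NSS code: find certificates that break the X.509 rule
# that {issuer name, serial number} must be unique. Certificates below are
# constructed DER skeletons, not real ones; only the TBSCertificate prefix is parsed.
from collections import defaultdict


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the TLV that starts at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n


def issuer_serial(cert_der: bytes):
    """Return (DER content of the issuer Name, serial number as int)."""
    tag, outer, _ = read_tlv(cert_der, 0)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    tag, tbs, _ = read_tlv(outer, 0)
    assert tag == 0x30, "tbsCertificate must be a SEQUENCE"
    tag, _, nxt = read_tlv(tbs, 0)
    pos = nxt if tag == 0xA0 else 0      # skip the optional [0] EXPLICIT version
    tag, serial_bytes, pos = read_tlv(tbs, pos)
    assert tag == 0x02, "serialNumber must be an INTEGER"
    serial = int.from_bytes(serial_bytes, "big", signed=True)
    tag, _, pos = read_tlv(tbs, pos)     # signature AlgorithmIdentifier, skipped
    assert tag == 0x30
    tag, issuer, _ = read_tlv(tbs, pos)
    assert tag == 0x30, "issuer must be a Name SEQUENCE"
    return issuer, serial


def find_duplicates(certs):
    """Group (label, der) pairs by {issuer, serial}; return groups larger than one."""
    groups = defaultdict(list)
    for label, cert in certs:
        groups[issuer_serial(cert)].append(label)
    return {key: labels for key, labels in groups.items() if len(labels) > 1}


def name(cn: str) -> bytes:
    """Build a Name holding a single commonName RDN (OID 2.5.4.3, UTF8String)."""
    atv = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))
    return der(0x30, der(0x31, atv))


def skeleton_cert(issuer_cn: str, serial: int, subject_cn: str) -> bytes:
    """Constructed prefix of a v3 certificate: version, serial, sigalg, issuer, subject."""
    ver = der(0xA0, der(0x02, b"\x02"))
    ser = der(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big", signed=True))
    sigalg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSA
    return der(0x30, der(0x30, ver + ser + sigalg + name(issuer_cn) + name(subject_cn)))


# Constructed store: A (cached locally) and B (seen on a website) collide on {issuer, serial}.
SAMPLE_STORE = [
    ("A-cached", skeleton_cert("Example CA", 1000, "old.example.test")),
    ("B-website", skeleton_cert("Example CA", 1000, "www.example.test")),
    ("C-other-serial", skeleton_cert("Example CA", 1001, "other.example.test")),
    ("D-other-issuer", skeleton_cert("Other CA", 1000, "www.example.test")),
]

if __name__ == "__main__":
    for (_, serial), labels in find_duplicates(SAMPLE_STORE).items():
        print(f"duplicate {{issuer, serial={serial}}}: {labels}")
```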

Error handling for invalid certificates

[ psm-cert-errors ]

Confusion around inability to delete built-in root CA certificates

PSM's certificate manager has confusing UI related to deleting certificates. Root CA certificates that are bundled with the application can not be deleted, it's impossible. They can have their trust removed, which has the same effect. The user interface should be enhanced to make this easier to understand.

[ psm-cert-manager ]

Ability to search for certificates

The lists of certificates shown by the certificate manager can be large. An ability to search for a certificate (or filter the view) would be very helpful.

We recently got a code contribution that provided this ability. Unfortunately the code did introduce regressions and it was necessary to back it out (remove it).

We are looking for a contributor who would like to help us by improving the existing patch.

[ psm-cert-manager ]

Issues related to certificate exceptions

Firefox allows experienced users to ignore certificate errors on a site-by-site basis. This category is for issues around this feature, be it inability to add exceptions, allowing exceptions where it shouldn't be possible, or incorrect behaviour around exceptions.

[ psm-cert-exceptions ]

Issues related to the powers of Certificate Authorities

There have been multiple proposals around restricting the powers of CA certificates, or catching mistakes made by CAs at the PSM level.

For example, a company's intranet root certificate could be limited to issuing certificates for sites within the company's own domain(s), or a government's CA could be restricted to issue certificates for the country's top level domain, only.

This could be implemented either in NSS or at the PSM level.

[ psm-ca-domains ]
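As an added example of the restriction proposed above (not NSS or PSM code), the check below decides whether a CA limited to a set of DNS subtrees may issue for a given list of host names, using the dNSName matching rule of RFC 5280 name constraints: a name matches a constraint when it equals it or adds whole labels on the left, so "badexample.com" does not fall under "example.com". The CA profiles and host names are constructed placeholders.

```python
# Added example, not NSS or PSM code: per-CA domain restriction checked with the
# RFC 5280 dNSName rule (match on whole-label boundaries only).
# CA profiles and host names below are constructed placeholders.


def dns_name_matches(constraint: str, hostname: str) -> bool:
    """True if hostname equals the constraint or lies beneath it on a label boundary.
    Comparison is case-insensitive; 'badexample.com' does not match 'example.com'."""
    c = constraint.lower().strip(".")
    h = hostname.lower().strip(".")
    return h == c or h.endswith("." + c)


def issuance_allowed(permitted: list, hostnames: list) -> tuple:
    """Decide whether a CA limited to the `permitted` DNS subtrees may issue a
    certificate covering every name in `hostnames`. Returns (ok, reason)."""
    for host in hostnames:
        if not any(dns_name_matches(p, host) for p in permitted):
            return False, f"{host} is outside the CA's permitted domains {permitted}"
    return True, "every name lies within the CA's permitted domains"


# Constructed CA profiles for the two cases in the text: a company intranet root
# limited to the company's own domains, and a country CA limited to its TLD.
INTRANET_CA = ["example.com", "example.net"]
COUNTRY_CA = ["test"]          # placeholder standing in for a country-code TLD

if __name__ == "__main__":
    for ca, names in [(INTRANET_CA, ["mail.example.com", "wiki.example.net"]),
                      (INTRANET_CA, ["www.bank.test"]),
                      (COUNTRY_CA, ["www.bank.test"]),
                      (COUNTRY_CA, ["www.example.com"])]:
        print(ca, names, issuance_allowed(ca, names))
```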

Improve S/MIME

[ psm-smime ]

Implement key+cert sharing between applications

Each Mozilla application profile contains a database with a user's private keys (related to the master password), certificates, and trust settings for certificates.

The applications should be merged to all use a single database, which will require user assisted merging.

We have proposals for the user interface.

Technical background can be found at NSS_Shared_DB.

[ psm-shared-db ]

Improve feedback from PSM to the user

When running into failures, the underlying libraries (such as NSS) might have additional information available, that might be helpful at the end user level, and should be reported in the user interface. This category also includes progress feedback, or reporting additional details.

[ psm-feedback ]

PSM testing, unit tests, mochitests, ...

Request to do more automated testing.

[ psm-testing ]


Bug queries