NSS Shared DB: Difference between revisions

Jump to navigation Jump to search

NSS Shared DB (view source)

Revision as of 17:03, 14 August 2007

64 bytes removed ,  14 August 2007
→‎Update complications.
Line 406: Line 406:




===Update complications.===
==--=Update complications=====


Updated complications only affect Type A applications. In order to merge a  
Updated complications only affect Type A applications. In order to merge a  
Line 560: Line 560:
exception A. Application needs to decide what happens if the legacy password
exception A. Application needs to decide what happens if the legacy password
is not supplied. Application can choose to:  
is not supplied. Application can choose to:  
    1) continue to use the legacy DB and try to update later.
# continue to use the legacy DB and try to update later.
    2) force NSS to mark legacy DB to be updated without actually updating
# force NSS to mark legacy DB to be updated without actually updating the legacy DB (throwing away everything in the legacy DB).
    the legacy DB (throwing away everything in the legacy DB).
# force NSS to update those objects it can from the legacy DB, throwing
    3) force NSS to update those objects it can from the legacy DB, throwing
     away private keys and saved passwords.
     away private keys and saved passwords.


exception B. Applications needs to decide what happens if the new shared DB
exception B. Applications needs to decide what happens if the new shared DB
password is not supplied. Application can choose to:
password is not supplied. Application can choose to:
    1) continue to use the legacy DB and try to update later.
# continue to use the legacy DB and try to update later.
    2) force NSS to mark legacy DB to be updated without actually updating
# force NSS to mark legacy DB to be updated without actually updating the legacy DB (throwing away everything in the legacy DB).
    the legacy DB (throwing away everything in the legacy DB).
# force NSS to update those objects it can from the legacy DB,throwing away private keys and saved passwords, and trust information from the legacy DB.
    3) force NSS to update those objects it can from the legacy DB,
# force NSS to reset the shared database password, throwing away private keys and saved passwords, and trust information rom the shared DB.
throwing away private keys and saved passwords, and trust information
from the legacy DB.
    4) force NSS to reset the shared database password,  
throwing away private keys and saved passwords, and trust information
from the shared DB.


NOTE: Since we are potentially dealing with 2 different passwords, The  
NOTE: Since we are potentially dealing with 2 different passwords, The  
application needs to be clear to the user which password it needs.
application needs to be clear to the user which password it needs.


Merge Conflicts (Mode 3A only)
===== Merge Conflicts (Mode 3A only) =====


When merging databases in, it's possible (even likely), that the shared  
When merging databases in, it's possible (even likely), that the shared  
Line 587: Line 581:
the merge is a simple matter of identifying duplicates and not updating them.
the merge is a simple matter of identifying duplicates and not updating them.
In the case of trust attributes, however, there are a number of choices:
In the case of trust attributes, however, there are a number of choices:
  1) don't update duplicate trust (shared database copy wins).
# don't update duplicate trust (shared database copy wins).
  2) overwrite trust from the legacy DB (legacy db copy wins).
# overwrite trust from the legacy DB (legacy db copy wins).
  3) calculate the least common denominator trust between them (take the least
# calculate the least common denominator trust between them (take the least trusted values). (turning off trust wins).
  trusted values). (turning off trust wins).
# calculate the most common demonimnator trust between the two (turning on trust wins).
  4) calculate the most common demonimnator trust between the two (turning on
 
  trust wins).
From the user perspective, each of these choices means:
From the user perspective, each of these choices means:
  1) after the update the application that just updated may trust certs that
 
# after the update the application that just updated may trust certs that
it had previously marked untrusted, or certs that it has marked trusted are
it had previously marked untrusted, or certs that it has marked trusted are
no longer trusted.
no longer trusted.
  2) after the update other applications that share the database may trust
# after the update other applications that share the database may trust
certs they had previously marked untrusted, or certs that they had marked as
certs they had previously marked untrusted, or certs that they had marked as
trusted are no longer trusted.
trusted are no longer trusted.
  3) after the update all apps may find the certs that they marked trust are
# after the update all apps may find the certs that they marked trust are
no longer trusted.
no longer trusted.
  4) after the update all apps may find that they trust certs that have  
# after the update all apps may find that they trust certs that have  
previously been marked untrusted.
previously been marked untrusted.


Line 617: Line 611:
passwords, the merged database will have to have a  
passwords, the merged database will have to have a  


Mozilla Applications.
===== Mozilla Applications =====


Mozilla applications are Mode 3A applications. In fact, for all intents and  
Mozilla applications are Mode 3A applications. In fact, for all intents and  
Line 637: Line 631:
(any of the below apply):
(any of the below apply):


1) The Mozilla app is starting as a fresh instance.
# The Mozilla app is starting as a fresh instance.
2) The Mozilla app has already been updated.
# The Mozilla app has already been updated.
3) The shared database does not have a master password set and
# The shared database does not have a master password set and The legacy database for Mozilla app does a master password set.
  The legacy database for Mozilla app does a master password set.


These are the most common cases.
These are the most common cases.
Line 732: Line 725:




Profile issues.
===== Profile issues =====


Mozilla apps can create more than one profile. Developers use this capability  
Mozilla apps can create more than one profile. Developers use this capability  
Line 745: Line 738:




1) Allow profiles to be marked with 'private key/cert DB's. This will change
# Allow profiles to be marked with 'private key/cert DB's. This will change
The Mozilla app from a Mode 3A app to a Mode 2A app. This will return  
The Mozilla app from a Mode 3A app to a Mode 2A app. This will return  
developers to their previous semantic if they want, while allowing them to
developers to their previous semantic if they want, while allowing them to
Line 751: Line 744:
require UI changes to the profile manager, and it will require action on the
require UI changes to the profile manager, and it will require action on the
part of the developer to get back to the old semantic.
part of the developer to get back to the old semantic.
 
# Treat only the default profile as Mode 3A and all other profiles as Mode 2A.
2) Treat only the default profile as Mode 3A and all other profiles as Mode 2A.
This will allow profile separation to operate as is today with no changes. It
This will allow profile separation to operate as is today with no changes. It
does mean, however, that only default profiles will share keys with  
does mean, however, that only default profiles will share keys with  
appllication.
appllication.
 
# Provide the checkbox in option 1, but make it default as in option 2.
3) Provide the checkbox in option 1, but make it default as in option 2.


I think option 3 probably provides the best solution for all worlds.
I think option 3 probably provides the best solution for all worlds.
Relyea
439

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/65398"

Navigation menu