Open Bug 236461 Opened 21 years ago Updated 2 years ago

Problems importing a PKCS #7 certificate set in Mozilla

Categories

(Core :: Security: PSM, enhancement, P5)

Other Branch
x86
All
enhancement

People

(Reporter: jmanuel.macias, Unassigned)

Details

(Whiteboard: [psm-backlog])

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040303
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040303

We have been testing the behaviour of different browsers when downloading a PKCS #7 certificate set contained within a single file in DER format. The file was created as stated in the man page for openssl's crl2pkcs7 tool:

    openssl crl2pkcs7 -nocrl -certfile newcert.pem -certfile demoCA/cacert.pem -outform DER -out p7.der

The idea is to download several CA certificates at once. We think the user should be asked for each of the certificates within the file, because he or she probably won't want to install all of them.

We tested with Mozilla (latest builds) as well as other popular browsers (Microsoft Internet Explorer, Opera and Konqueror were tested). The only two that seem to have a reasonable behaviour are Internet Explorer and (maybe) Opera.

The DER file used to make the tests detailed below is available at: http://www.rediris.es/pruebas/tacar/

The behaviour of the different browsers is as follows:

- IE 6 downloads the file containing the set of certificates and spawns the MS Windows Certificate Manager, letting the user choose which of the certificates to install.
- Opera 7 built-in certificate manager displays all the certificates within the file, and lets the user install *all* of them.
- Konqueror launches the KDE Certificate Manager which seems to have problems displaying the information of the certificates; if the user chooses the 'install' option, it will install all the certificates. IMHO, that behaviour is dangerous, since the user is not being informed of what the browser is going to do.
- Finally, Mozilla (latest tested: Mozilla 1.7b, Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040303) only displays the information for the first certificate, but it will install all of them if you decide to install the displayed certificate.

IE 6 approach seems to be the more reasonable, since the user is asked and is able to choose what to do. Opera approach is not bad at all, but the user will have to install all the certificates and then delete those that are not needed (if it's the case). Konqueror behaviour is definitively wrong. Mozilla should improve the way it handles the certificates, because someone would install additional (undesired?) certificates while the user is prompted to install only one certificate.

Reproducible: Always

Steps to Reproduce:
1. Just click in the link provided

Actual Results:
Mozilla certificate manager only displays the first certificate in the set. But if you install it, all certificates are installed.

Expected Results:
I think Mozilla should display all the certificates within the set.
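Added example (not part of the original report and not Mozilla or NSS code): a shell check that lists every certificate in a DER PKCS #7 bundle before it is imported, so a file carrying more than the one displayed certificate is visible up front. The function names and the two "Constructed Test Root" CAs are assumptions made for this example; "root" is decided by comparing subject and issuer names only, and no signature is verified.

```shell
#!/bin/sh
# Enumerate the certificates inside a DER-encoded PKCS #7 bundle.

# Print one line per certificate: "<n> <root|issued> <subject>".
# "root" means subject == issuer by name (heuristic, no signature check).
list_p7_certs() {
    openssl pkcs7 -inform DER -in "$1" -print_certs -noout |
    awk '/^subject=/ { s = substr($0, 9) }
         /^issuer=/  { n++; print n, (s == substr($0, 8) ? "root" : "issued"), s }'
}

# Summarise the bundle as "<total certificates> <self-issued roots>".
p7_summary() {
    list_p7_certs "$1" |
    awk '{ t++ } $2 == "root" { r++ } END { print t + 0, r + 0 }'
}

# Constructed sample: two unrelated self-signed CAs packed into one file with
# the crl2pkcs7 invocation quoted in the report. Writes "$1/p7.der".
make_demo_bundle() {
    for name in A B; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Test Root $name" \
            -keyout "$1/key$name.pem" -out "$1/ca$name.pem" 2>/dev/null || return 1
    done
    openssl crl2pkcs7 -nocrl -certfile "$1/caA.pem" -certfile "$1/caB.pem" \
        -outform DER -out "$1/p7.der"
}

# Build the sample bundle in a temporary directory and show its contents.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_bundle "$dir" && list_p7_certs "$dir/p7.der" && p7_summary "$dir/p7.der"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo
```

A summary with more than one root means the file holds more than a single chain, which is the case where an import dialog showing only the first certificate hides the rest.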
I remember reading from some document that DER could only contain a single certificate... Anyway, I can confirm this. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
adding wtc.. seems like more of nss thing than psm. should this be security sensitive?
I'm removing the security sensitive flag, because mozilla's behavior is exactly as designed and intended, and has been essentially the same ever since Communicator 4.0. It's been documented for about 8 years. See http://wp.netscape.com/eng/security/comm4-cert-download.html

A PKCS7 file of certs is supposed to contain a single cert chain, not a collection of potentially unrelated certs. When downloading a set of certs and trusting it, one is making a fundamental decision about trust. The idea being put forth by the submitter is that a given set of certs may contain some trustworthy and some untrustworthy certs. But in that case, one must conclude that the source of that set of certs is not entirely trustworthy.

At most, this is a request for enhancement, asking that mozilla impose more effort on the part of the user in making trust decisions. There is much debate now (in the mozilla public crypto newsgroup) about whether mozilla imposes too much or too little responsibility on the end users, and whether it offers too much or too little info for those decisions. It is widely observed that most users click through all security dialogs without reading them. The best solution is probably to give the users fewer decisions to make, less rope with which to hang themselves.

In any case, this is correctly a PSM bug because it requests UI changes. If additional NSS APIs are needed, the RFE for those APIs should come from the PSM developer.
Group: security
Severity: major → enhancement
Hi Nelson,

referring to ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-7.asc I think that multiple root certificates should be possible within a single PKCS#7 file and be processed as a sequence of single root certs... The processing of sub-CA certs is OK.

Cheers
Reimer

Quote:

SignerInfos ::= SET OF SignerInfo

The fields of type SignedData have the following meanings:

[...]

o certificates is a set of PKCS #6 extended certificates and X.509 certificates. It is intended that the set be sufficient to contain chains from a recognized "root" or "top-level certification authority" to all of the signers in the signerInfos field. There may be more certificates than necessary, and there may be certificates sufficient to contain chains from two or more independent top-level certification authorities. There may also be fewer certificates than necessary, if it is expected that those verifying the signatures have an alternate means of obtaining necessary certificates (e.g., from a previous set of certificates).
Assignee: kaie → nobody
Product: PSM → Core
QA Contact: bmartin → ui
Component: Security: UI → Security: PSM
Priority: -- → P5
Whiteboard: [psm-backlog]
Severity: normal → S3