Tuesday, December 23, 2008

Firefox and client certificates: a privacy issue

There's something disturbing in the way Firefox handles client certificates in some situtations; in fact I just sent an email to Mozilla Security a few days ago and the person who answered me verified they knew about it and in fact they had issued an advisory some time ago, but it seems I missed it, so my bad.

This person kindly provided me the following links which are very informative:

discussion of the bug behind the behaviour:
http://www.mozilla.org/security/announce/2008/mfsa2008-17.html


An article that attemps to describe the algorithm used by Firefox for picking the cert and ways to improve it
http://www.mozilla.org/security/announce/2008/mfsa2008-17.html


developers newsgroup where you can talk about certificate issues:
http://news.mozilla.org/mozilla.dev.tech.crypto

There're still things, in the last article specially, that I think do not match what happens in reality, but oh well.. maybe in some other post, I still need to check some things before saying anything more.

Thanks to Mozilla Security for their prompt response and the links.

So, here's the thing:

Let's assume you use client cerficates for some web sites and you have imported them into Firefox.

By default, if a remote https server requires client certificates, Firefox is setup to display a dialog box listing the certificates you have in Firefox's certificate store and let you choose which one to present to the remote https server.

This is the default option and can be found in the Edit->Preferences->Advanced->Encryption Tab under 'Certificates' (or Tools->Options->Advanced->Encryption if you're running Windows).

The option is called 'Ask me every time'.

The problem with using this option is that sometimes with some web servers, Firefox will ask you again and again and again which certificate to use. For example, if you're using VMWare server and accessing it thru the web interface, you'll have this problem.

According to the person I 'talked' to at Mozilla Security this is because the servers are misconfigured, do not cache the SSL session and re-request the certificate on every connection; which sounds reasonable (I think).

The thing is that, in these situations, it is impossible to keep the 'Ask me every time' option enabled.. having the 'choose certificate' dialog appearing every 2 minutes while you're trying to do somethings drives you crazy..

I'm not saying it is Firefox's fault , I'm saying it's just impossible to keep that option enabled in these cases.

So, what can you do? You can go and change the option to be 'Select one automatically'.




Doing that will solve all your problems, the dialog asking for which certificate to use will not appear any more because Firefox will choose one for you.

THE THING IS... Firefox's algorithm to choose which certificate to send is not very good.. to tell you the truth I have no idea exactly what's the algorithm they use (the information found in the link I mentioned above was not enough for me to understand exactly how it works).. but from what I've seen in practice.. it is very bad..

Because of this, situations like the following can occur:

* You have a client certificate for the Organization 'Organization A' stored in the Firefox certificate store

* You connect using https to www.organizationb.com (or any other domain, www.whatever.com, just one that has absolutely NOTHING to do with the organization that provided you with the client certificate :)). This https server requires client certificates.

* if you have the 'Select one automatically' option enabled, it is very likely that Firefox will send the client certificate for 'Organization A' to this unknown, untrusted, arbitrary https server (specially if this is the only client certificate you have).

* This all happens transparently, you'll never know it happened.


So... this is not very good.. it's a privacy issue.. client certificates usually contain email-addresses, the name of organizations, YOUR NAME, YOUR EMAIL ADDRESS,... you get the idea..

So, if you have the 'Select one automatically' option enabled, anyone on the Internet can potentially know your name, your organization's name, your e-mail address.. not very good.. and it all happens behind the scenes.


So, again, using 'Select one automatically'... not a very good idea.. :)

If you use client certificates, you can also create a 'fake' certificate without any personal information and hope Firefox will deliver that one to the remote server. I tried this and it works, but I haven't yet thoroughly analyzed the algorithm they use to choose which certificate to send to be able to to tell you how to create it and whether a remote server can still make Firefox send your other certificates.

So let me repeat again, 'Ask me every time' is the default option in Firefox (this is very important), however, sometimes, as I explained before, having this option enabled is not possible (yes, the scenarios are limited, but they exist), so.. in these special cases.. I recommend having a 'fake' cert or enabling 'select one automatically' and then be sure not to access any other web server :) (not browsing only https servers is not enough, think redirect.. ) until you change the setting back to 'Ask me every time' :).

if you want to try this out, you can use openssl:

* Enable 'select one automatically' if you haven't enabled it already
* create a fake server certificate to use with openssl
* run the following command: sudo openssl s_server -accept 443 -cert server.crt -key server.key -crl_check -verify -state -HTTP (or change -accept 443 to -accept to avoid running openssl as root.. it's just a test anyways.. )
* go to your browser and access https://localhost/something
* the client certificate information will be displayed by openssl

See the next screenshot:



* you can also add the -debug parameter to openssl if you want to obtain more verbose information
* you can also use ruby and WEBrick (you won't have to create a fake server certificate); or any other scripting language :)

So, there're many improvements that could be done to the 'Select one automatically' option (some are very naive and are mistakes :)).. so be careful..

3 comments:

Anonymous said...

Funny, I ran into this exact same issue with VMware server at just around the same time as you posted this.
In my experience, the number of sites that you really need to supply client certs to is typically pretty small. Adding another option to "When a server requests my personal certificate" that says something like "Ignore requests for personal certificates" with an Exceptions box such as is done for cookies would be a good idea in my opinion.

Anonymous said...

Funny, I ran into the exact same issue with VMware server right around the same time that you posted this.
In my experience, the number of sites that you really need to supply client certs to is pretty small. Adding a whitelist option such as "Ignore requests for client certs" with an "Exceptions" box (such as is done with cookie handling) would be a good idea in my opinion.

Ajdin said...

Hi, this (ask me every time) is not working as well if you have several personal client certificate for one server page.
security.default_personal_cert Status:default, type=string Value: Ask Every Time
But in explanation (http://kb.mozillazine.org/About:config_entries) it says that
Select Automatically (default): Automatically choose the certificate
, so ask me every time should not be Status:default, or I've misunderstand it. Yes, I have set master security device, and password.
Workaround is to restart Firefox (3.5.7), which takes some time. Nevertheless, this 'ask me every time' worked in the past, but not with FF 3.5.X.
I say Mozilla Firefox 3.5.7 has a bug, which I've submitted (bug id 536339).

BR,
Ajdin