Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Login to software security device

2 views
Skip to first unread message

Eddy Nigg (StartCom Ltd.)

unread,
May 13, 2008, 8:44:28 AM5/13/08
to dev-apps-t...@lists.mozilla.org
Another one: With TB 3 pre2 for every account I've got I must enter the
master password for the security device. This behavior is new,
previously once confirming the password was enough. Quite
disturbing....has anybody else experienced it? Does a bug report exist
already?


--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: star...@startcom.org <xmpp:star...@startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390

Prasad Sunkari

unread,
May 13, 2008, 9:47:01 AM5/13/08
to

> Another one: With TB 3 pre2 for every account I've got I must enter the
> master password for the security device. This behavior is new,
> previously once confirming the password was enough. Quite
> disturbing....has anybody else experienced it? Does a bug report exist
> already?
>

I did. I think this problem occurs only when "Check for new mails on
startup" is set for more than one accounts. I could not find a bug
corresponding to Thunderbird on the bugzilla.
https://bugzilla.mozilla.org/show_bug.cgi?id=356097 is the bug regarding
a similar thing on Firefox.

Prasad

Eddy Nigg (StartCom Ltd.)

unread,
May 13, 2008, 10:42:11 AM5/13/08
to Prasad Sunkari, dev-apps-t...@lists.mozilla.org

Prasad Sunkari:

>
> I did. I think this problem occurs only when "Check for new mails on
> startup" is set for more than one accounts.
>

So it pops up the first time it checks the account then for every
account. IMO about the same...

Besides, I must and want to see all you new messages on startup (which
actually doesn't happen a lot, but lately there seems to be a copy paste
bug which crashes TB and therefor happens to me somewhat more often ;-) )

Going to file a few bugs today..

Nelson Bolyard

unread,
May 28, 2008, 2:00:02 PM5/28/08
to
Eddy Nigg (StartCom Ltd.) wrote, On 2008-05-13 05:44:
> Another one: With TB 3 pre2 for every account I've got I must enter the
> master password for the security device. This behavior is new,
> previously once confirming the password was enough. Quite
> disturbing....has anybody else experienced it?

Yes. Lots of folks.

The model of operation for ALL PKCS#11 devices, including the "software
security device", is intended to be that when a user logs in to that
device, he does not have to login again until some configurable time
has elapsed.

This model requires that applications ask "Is the device already logged in?"
and not do another login if the answer is yes. But many apps don't do that
or don't do it correctly.

There is also the issue of multiple simultaneous device login prompts.
This is because the UI for those login prompts doesn't seem to have a way
to remember that it already has displayed a prompt and is awaiting user
input, so if another thread wants to use the device and sees that it is
not logged in, instead of blocking and waiting for the existing prompt to
be completed, it displays a new prompt.

All these things are application/UI problems. They seem to affect lots
of people, and have done so (to various degrees) for a long time.
I don't know if the relevant developers:
a) assume that the problem is in NSS and not their code, or
b) know that they need to change something but don't know what, or
c) just don't care, or
d) have disabled all use of such devices for themselves, operating without
any passwords, and so never experience the problem themselves, and so tend
to ignore problems they don't experience.

My money is riding on that last one.

Eddy Nigg (StartCom Ltd.)

unread,
May 28, 2008, 3:30:47 PM5/28/08
to dev-apps-t...@lists.mozilla.org
Nelson Bolyard:

> All these things are application/UI problems. They seem to affect lots
> of people, and have done so (to various degrees) for a long time.
> I don't know if the relevant developers:
> a) assume that the problem is in NSS and not their code, or
> b) know that they need to change something but don't know what, or
> c) just don't care, or
> d) have disabled all use of such devices for themselves, operating without
> any passwords, and so never experience the problem themselves, and so tend
> to ignore problems they don't experience.
>
> My money is riding on that last one.
>
Nelson, did you see https://bugzilla.mozilla.org/show_bug.cgi?id=431819 ?

Dan Mosedale

unread,
Jun 6, 2008, 4:14:45 PM6/6/08
to
Nelson Bolyard wrote:
>
> All these things are application/UI problems. They seem to affect lots
> of people, and have done so (to various degrees) for a long time.
> I don't know if the relevant developers:
> a) assume that the problem is in NSS and not their code, or
> b) know that they need to change something but don't know what, or
> c) just don't care, or
> d) have disabled all use of such devices for themselves, operating without
> any passwords, and so never experience the problem themselves, and so tend
> to ignore problems they don't experience.
>
> My money is riding on that last one.

If you believe that's true, the right thing to do is file bugs and
nominate them. In fact, there is already a Thunderbird 3 blocker bug
filed on the non-serial prompting (bug 338549). There may be others
filed as well, please have a look...

Dan

0 new messages