[20816] in Athena Bugs
Re: clearcerts vs. clear-netscape-password, etc.
daemon@ATHENA.MIT.EDU (t. belton)
Thu Sep 26 11:39:05 2002
Date: Thu, 26 Sep 2002 11:39:03 -0400 (EDT)
From: "t. belton" <tbelton@MIT.EDU>
To: John Hawkinson <jhawk@MIT.EDU>
cc: <bug-infoagents@MIT.EDU>, <web-agents@MIT.EDU>, <netscape-release@MIT.EDU>
In-Reply-To: <200209252142.RAA23189@multics.mit.edu>
Message-ID: <Pine.GSO.4.33L.0209261119190.19002-100000@iphigenia.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
I agree that the names are still a little 'suboptimal.' On the other hand,
and I cannot stress this enough, the user is supposed to be running those
clear-certs scripts only when specifically told to do so by a help staffer
or other guru. They are very destructive scripts. In fact I believe most
users never poke around in those parts of infoagents to see what's what,
nor should they. (Let's put it another way: I sure hope they don't. No
user-serviceable parts inside.)
Netscape 4 was designed with an unclearable certificate password. This was
deliberate, and in general I applaud it. A certificate without a password
is a relatively insecure certificate, in that someone else can physically
go to a machine where you're logged in and pretend to be you. If the cert
password can be cleared at some sort of master level, then someone can
physically go to the machine, clear the password, and we're back to
insecure again.
This was a pain in the rear, though, I admit, every time we had to tell a
user "So, you forgot your cert password? Go delete your certs and forget
about anything cert-encrypted you have; it's all gone now." The Netscape
script pertinent to cert passwords, 'zap-certificates,' (which was renamed
several times) is meant to automate this deletion process, because we
don't want the user casually slinging rm's around if they are sans clue.
The Mozilla 'clearcerts' script has a different purpose. It is meant to
remove all traces of old, converted 4.x certificates BEFORE applying for
new ones under Mozilla. They can interfere with getting the new certs to
work properly. This script, too, has had some arguments about its name.
I can change the name of the Netscape one but too many people have already
gotten in the habit of thinking about it as 'zap-certificates.' I can
change the name of the Mozilla one, but we just spent a couple of days
agreeing on the name we have!
I think I would rather leave them as they are and just try to teach
everyone once and for all what they do and why they do it. And when to
leave them alone.
-t
P.S.: 'clear-netscape-password', the old and very uninformative name for
'zap-certificates,' has not existed in infoagents for quite a while. I may
have some stale symlinks to it; I'll check for them.
On Wed, 25 Sep 2002, John Hawkinson wrote:
> With users running both Netscape and Mozilla, the presence of
> multiple, confusing, different choices to get rid of certificates
> is suboptimal:
>
> [coleco-sidewinder!jhawk] ~> cd ~infoagents/bin
> [coleco-sidewinder!jhawk] ~infoagents/bin> gls -Ll *clear* *zap*
> -r-xr-xr-x 1 brlewis mit 257 Nov 25 1997 clear-netscape-password
> -rwxr-xr-x 1 tbelton mit 1765 Sep 8 15:35 clearcerts
> -r-xr-xr-x 1 brlewis mit 257 Nov 25 1997 zap-certificates
>
> It appears that users don't know when they should be using which one.
>
> I would suggest a couple of options:
>
> #1 Rename "clearcerts" to "clear-mozilla-certs". I don't think this
> is a very good option.
> #2 Have all 3 commands do the same thing, viz remove both netscape
> and Mozilla certificates.
> #3 Have all 3 commands to the same thing, viz. prompt the user
> as to which certificates to remove.
>
>
> As somewhat of an aside, part of the point of having such a command
> was that Netscape had no good UI to correcting the problem of a forgotten
> cert db passphrase. If Mozilla has the same problem, perhaps users
> should be educated. [*looks briefly*] Oh, there is a "Reset Master Password"
> choice in the Master Passwords section. Perhaps we should encourage users
> to use this, perhaps having "clearcerts" (or whatever) mention it.
>
> To my mind, the correct user interface here would be to have the
> "Please enter the master password" dialogue box have a "Reset" button.
> Perhaps it would only appear after a failed attempt.
>
> Would bug-infoagents be interested in such a patch?
>
> --jhawk
>
