Issue

When navigating personal-certificate-protected CSAIL websites, Firefox stops repeatedly, asking you to manually "choose a certificate to use as identification."

Cause

The Firefox developers changed the default certificate setting from "select automatically" to "ask every time" because some countries issue certificates to all of their citizens, and this would allow people in those countries to be tracked, by name and ID number, without their consent.

Both the impact (only your CSAIL email address and full name are stored in your certificate) and probability (an attacker would have to specifically target and request CSAIL certificates, a rather small population) of this information disclosure vulnerability are quite limited for CSAIL users.

Resolution

To restore the previous Firefox behavior, open the Firefox preferences dialog (depending on your OS, this is Tools/Options, Edit/Preferences, or Firefox/Preferences) and select the "Advanced" pane, then the "Encryption" tab then change the setting back to "Select automatically".

-- ArthurProkosch - 31 Mar 2008