On 17/07/2014 01:26, Ryan Sleevi wrote:
> On Wed, July 16, 2014 11:42 pm, Falcon Darkstar Momot wrote:
>>  When it comes to key material, it's an outstanding idea to err on the
>>  side of caution.
>>
>>  Does anyone actually require this feature in a non-debug build?  If not,
>>  then it's completely unreasonable to leave it in such builds, even if
>>  it's not the weakest link and even if it doesn't break compliance.
>>
>>  --Falcon Darkstar Momot
>>  --Security Consultant, Leviathan Security Group
> Quite a few people, especially users of Chrome and Firefox, especially
> those working to implement or deploy SPDY or HTTP/2.0 (which are over TLS,
> ergo Wireshark/pcap can be a pain).
>
> Given that the threat model requires a local attacker with same-privileges
> as either of these applications (or influence over NSS environment), can
> you describe a threat that could not be equally accomplished through
> other, similarly trivial means (e.g. binary compromise)?
>

A better question to ask might be why those people cannot run their
browser with a debug build, since they are developing.

Don't wait for someone to construct an environment with a viable vector
or find a generally viable vector and show you; by that time you're
already late with the fix.  The conditional security argument isn't an
invalid one, but for something like this it defies common sense to
assume any risk at all no matter how minor (on behalf of production
users) for what appears to be zero gain.

-F


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
