Re: SSLKEYLOGFILE always enabled

(CC-ing DD as I found this bug he reported asking about the same thing: https://bugzilla.mozilla.org/show_bug.cgi?id=908046) On 17 July 2014 07:33, Patrick McManus wrote: > If there would be a reduced risk by scoping the feature to debug builds I > would agree with you that it should be scoped. B

Re: SSLKEYLOGFILE always enabled

If there would be a reduced risk by scoping the feature to debug builds I would agree with you that it should be scoped. But Ryan suggests there isn't. My much less informed opinion tends to agree with him. On Thu, Jul 17, 2014 at 3:41 AM, Falcon Darkstar Momot < fal...@iridiumlinux.org> wrote: >

Re: SSLKEYLOGFILE always enabled

On 17/07/2014 01:26, Ryan Sleevi wrote: > On Wed, July 16, 2014 11:42 pm, Falcon Darkstar Momot wrote: >> When it comes to key material, it's an outstanding idea to err on the >> side of caution. >> >> Does anyone actually require this feature in a non-debug build? If not, >> then it's complet

Re: SSLKEYLOGFILE always enabled

On Wed, July 16, 2014 11:42 pm, Falcon Darkstar Momot wrote: > When it comes to key material, it's an outstanding idea to err on the > side of caution. > > Does anyone actually require this feature in a non-debug build? If not, > then it's completely unreasonable to leave it in such builds, ev

Re: SSLKEYLOGFILE always enabled

Behalf Of Ryan Sleevi >> Sent: Tuesday, July 15, 2014 6:12 PM >> To: mozilla's crypto code discussion list >> Subject: Re: SSLKEYLOGFILE always enabled >> >> On Tue, July 15, 2014 1:11 pm, Tom Ritter wrote: >>> Is having it in by default useful enough to out

Re: SSLKEYLOGFILE always enabled

ccorp@lists.mozilla.org] On Behalf Of Ryan Sleevi Sent: Tuesday, July 15, 2014 6:12 PM To: mozilla's crypto code discussion list Subject: Re: SSLKEYLOGFILE always enabled On Tue, July 15, 2014 1:11 pm, Tom Ritter wrote: Is having it in by default useful enough to outweigh the risk? When the Du

RE: SSLKEYLOGFILE always enabled

, July 15, 2014 6:12 PM To: mozilla's crypto code discussion list Subject: Re: SSLKEYLOGFILE always enabled On Tue, July 15, 2014 1:11 pm, Tom Ritter wrote: > Is having it in by default useful enough to outweigh the risk? > > When the Dual_EC_DRBG news stories were blowing it, it was re

Re: SSLKEYLOGFILE always enabled

On Tue, July 15, 2014 1:11 pm, Tom Ritter wrote: > Is having it in by default useful enough to outweigh the risk? > > When the Dual_EC_DRBG news stories were blowing it, it was revealed > that you could switch to it by just changing the Windows Registry. > It's a Windows-supported backdoor - no

Re: SSLKEYLOGFILE always enabled

On Tue, July 15, 2014 1:11 pm, Tom Ritter wrote: > Is having it in by default useful enough to outweigh the risk? > > When the Dual_EC_DRBG news stories were blowing it, it was revealed > that you could switch to it by just changing the Windows Registry. > It's a Windows-supported backdoor - no

Re: SSLKEYLOGFILE always enabled

Is having it in by default useful enough to outweigh the risk? When the Dual_EC_DRBG news stories were blowing it, it was revealed that you could switch to it by just changing the Windows Registry. It's a Windows-supported backdoor - no malicious code needs to stay running on your system - just fl

Re: SSLKEYLOGFILE always enabled

I looked into this once, and iirc the change was made intentionally and I guess the documentation not updated. I just updated the wikis. Thanks. On Sun, Jul 13, 2014 at 10:30 AM, Роман Донченко wrote: > Hello, > > Projects/NSS/Key_Log_Format>

SSLKEYLOGFILE always enabled

Hello, states that: "Obviously this is only a debugging measure and is only enabled if NSS is built with DEBUG and TRACE defined." Analogously,