On Wed, Oct 9, 2013 at 9:01 AM, Gervase Markham <g...@mozilla.org> wrote: > Attack surface reduction works: > http://blog.gerv.net/2013/10/attack-surface-reduction-works/ > > In the spirit of learning from this, what's next on the chopping block?
Master password. The UI is prone to phishing, it causes all sorts of problems because of how we use the log in to the NSS database to implement it, it causes annoying UX for the people that use it, the cryptography used is useless (bing FireMaster), there's hardly any resources to do anything to actually fix any of these problems other than remove it, and it slows down progress on important security features. Cheers, Brian _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
