On Sun, 2015-05-10 at 12:47 -0700, Ryan Sleevi wrote:
>
> - Don't load a module unless the user has explicitly asked or configured
>   that module to be loaded.
> - Do not patch NSS to load modules outside of the explicitly requested
>   modules.

Quite right; that's absolutely how we should behave.

As long as we include the sysadmin as a 'user' in the above definition, of course. The sysadmin should be able to configure things for *all* users according to the desired policy, rather than forcing each user to set things up for themselves.

And in turn the *developers* of the operating system distribution should be able to set a default policy for the sysadmin to build upon.

I mention that because it cuts to the heart of what we're actually trying to achieve here — being able to set a *platform* policy which is then honoured consistently by all applications regardless of which crypto library they're using today.

Note that in the case of p11-kit, the policy you set is already a per-application choice. You can set a module to be loaded in one application, but not in another. Which is something that AFAIK you *cannot* do with a shared NSS database in $HOME/.pki/nssdb.

I completely agree that Chrome should only ever load the modules which are configured to be loaded into Chrome. I'm surprised you feel the need to mention that.

-- 
dwmw2

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto