On Mon, May 11, 2015 4:09 am, David Woodhouse wrote:
>  I completely agree that Chrome should only ever load the modules which
>  are configured to be loaded into Chrome. I'm surprised you feel the
>  need to mention that.

Because you still don't understand, despite how many ways I'm trying to
say it.

It's not simply sufficient to load module X into Chrome or not. p11-kit's
security model is *broken* for applications like Chrome, at least with
respect to how you propose to implement.

Let's say you've got Module X.

Today, Chrome controls loading of modules. It can load module X into the
browser process (and trusted process) and *NOT* load Module X into a
sandboxed zygote process that it then uses to start renderers and such.

Because Chrome fully controls module loading, and uses the NSS documented
APIs, it can ensure that things are appropriately controlled. It can
guarantee exactly which modules can be loaded into the untrusted process -
such as the read-only, non-modifiable root trust module.

You still don't seem to understand that distinction, because you keep
calling it "broken". No, it's only broken when something like p11-kit
comes along and violates the API guarantees.

That's why I keep reiterating that the reasons for NSS's per-application
config extend beyond just "No one's gotten around to it" and are deeply
intertwined with *legitimate applications' needs* that p11-kit so far fails
to respect.

I don't know how many ways I can say it, but I'm trying to provide a
simple example that can be empirically validated about how your proposal
*fails* and causes security issues.

I think you keep leaping ahead of yourself in proposing, so I would again,
as I have privately, encourage you to go back, start from first
principles, and make sure you *understand the requirements* before jumping
too far into proposing solutions. I think a solution can be found, but I
think we're going to continue to waste time if every other email jumps
three steps ahead.

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto