On Sun, May 10, 2015 12:31 pm, David Woodhouse wrote:
> > You don't need to expose it to the sandbox to use PKCS#11 in the web
> > browser. That's not how modern sandboxed browsers work.
>
>  That sounds like a bit of a failure of the sandboxing to me. Just so I
>  understand what you're saying... regardless of whether the browser
>  complies with the system policy for PKCS#11 modules, it's considered
>  acceptable that a sandbox can happily authenticate using any of the
>  certificates in my NSS database and any of the PKCS#11 tokens that I
>  have manually enabled?

No, you don't understand what I'm saying, and have reached a conclusion
that again is the opposite.

I will try to break it down to its core parts:

- Don't load a module unless the user has explicitly asked or configured
that module to be loaded.
- Do not patch NSS to load modules outside of the explicitly requested
modules.

Your patch fails on both of those.

It's really that simple. If you don't try to patch NSS to do something
crazy, it will surprisingly not do something crazy.

And to be as abundantly explicit as I can be: No, your assumptions about
how sandboxing works are quite flawed. The fact that the module is
*not* loaded in the sandbox is the thing to preserve, which your patch
destroys.

If the user requests NSS to load a module, it should load that module. And
that module only. Period.

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto