Nelson,
Now, if it's true that TBird users CANNOT password protect their key DBs, then I think we (NSS developers) should insist that this be fixed. This is a GROSS security hole. Perhaps we should declare a moratorium on additional NSS work until this capability is restored ot the TBird UI.
Because of FIPS 140-2 validation on softoken, we may be forced to put hard requirements on the password in the future, and no password wouldn't do . So, I think Tbird would be broken in the future if users can't set a password on the NSS DB, at least if FIPS mode is enabled. I guess they wouldn't be able to turn on FIPS mode anyway either ...
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
