On Wed, Oct 9, 2013 at 9:01 AM, Gervase Markham <ge...@mozilla.org> wrote:
> Attack surface reduction works:
> http://blog.gerv.net/2013/10/attack-surface-reduction-works/
>
> In the spirit of learning from this, what's next on the chopping block?

Master password. The UI is prone to phishing, it causes all sorts of
problems because of how we use the log in to the NSS database to
implement it, it causes annoying UX for the people that use it, the
cryptography used is useless (bing FireMaster), there's hardly any
resources to do anything to actually fix any of these problems other
than remove it, and it slows down progress on important security
features.

Cheers,
Brian