Closed Bug 1360692 Opened 8 years ago Closed 7 years ago

remove FIPS support in Firefox

Categories

(Core :: Security: PSM, enhancement, P2)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: keeler, Unassigned)

References

Details

(Whiteboard: [psm-backlog])

Maintaining support for FIPS in Firefox has become increasingly burdensome (see the discussion in bug 1337950). Telemetry indicates it is uncommon to enable ( https://mzl.la/2oTWcSi ). Finally, we're not aware of any concrete organizational requirements that mandate it (see in particular bug 1337950 comment 31). We should just remove it.
Can we start maybe with simply removing the Enable FIPS button from Tools > Options > Advanced > Certificates > Security Devices? This can be done without any impact, since the button doesn't work anyway, so the change can be uplifted to version 53 also.
See Also: → 1366582
(In reply to Onno Ekker [:nONoNonO UTC+1] from comment #1) > Can we start maybe with simply removing the Enable FIPS button from Tools > > Options > Advanced > Certificates > Security Devices? This can be done > without any impact, since the button doesn't work anyway, so the change can > be uplifted to version 53 also. I filed Bug 1366582, although I don't think there's a real need to uplift the change.
FIPS provides an added layer of security in the event that someone accesses your account or copies your Firefox files in an attempt to gain access to your account. Why would removing the button help with anything other than further removing security from the Firefox browser?
Actually we probably don't need to do this at this time.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.