John Nagle wrote:
>     Did anyone go back and check to see if the people responsible for
> removing that feature from Mozilla were induced to do so by
> the NSA?
> 
>     That feature was removed before the Snowden disclosures.
> It's time to look at this again.

Especially OCSP is a privacy nightmare since OCSP requests are always in the
clear and traffic data is sent to CAs. Ah yes, the OCSP endorsers will tell
about OCSP stapling but that's still rarely used even for web access. Not to
speak of secured POP3/IMAP connections.

And it's not usable if you compose an S/MIME e-mail off-line. And even better
for all folks observing all the traffic to see via OCSP that someone only
composes a secured e-mail to a certain recipient.

Ciao, Michael.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
