On Thu, Sep 18, 2014 at 5:15 PM, <diaf...@gmail.com> wrote:
> Instead of trying to pile on more clutter to the lock/warning/globe states,
> how about letting the user determine the threshold of those states?
>
> The default would be what they are now, but perhaps in about:config you could
> set the lock state to require perfect forward secrecy, otherwise drop to a
> warning state.

In Chrome, we are (very) gradually ratcheting up the cipher suite/other crypto parameter requirements. It has proven quite fruitful. I can imagine a future in which non-PFS gets treated as non-secure. But not just yet. Even experts, in my experience, get hung up on the complexity of about:flags.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy