On Tue, 12 Jan 2016, Peter Gutmann wrote:
Or we ensure that firefox and chrome refuses to see those sites at all,
because they refuse a downgrade attack.
So users will switch to whatever browser doesn't block it, because given the
choice between connecting to Facebook insecurely or not connecting at all,
about, oh, 100% of users will choose to connect anyway.
And they'll grab a firefox/chrome from the free world.
It'll work out just fine for them, because what you're giving users is a
choice between using the Internet and not using it
Not really. But let's just leave it at that we disagree.
Paul
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
