On 18/10/16 06:00, Jakob Bohm wrote: > Non-https TLS is not (and should not be) a separate trust bit from > https, but sometimes the logic applicable to trust policies, BRs etc. > will be slightly different if one doesn't ignore non-https use of TLS. > I have encountered arguments and policies that are valid only for the > specific case of up-to-date-web-browser https.
When such arguments occur, please do us the service of pointing them out :-) While it is true that HTTPS is a very important focus, Mozilla should care about at least POPS, SMTPS and IMAPS, and other protocols too. If we are taking actions which are problematic for non-HTTPS TLS, we should at the very least take them with full knowledge of what those problems are. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy