Gervase Markham wrote:
Yes. What's your point? There's no need for additional technical protection; SSL is a good and secure techology. Technical protections are not what CAs do; their entire job is "social" (in your terms).
SSL is a good confidentiality technology. Most information submitted over SSL is completely reusable once received by the server. I don't see any benefit whatsoever for Mozilla users absent some concrete Mozilla policies, as dbaron suggests. Without those, it's just security theater. Even with them, I don't see why we should alter the UI immediately.
-Rob _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
