Florian Weimer wrote:
Most users are not subject to MITM attacks
This may or may not be true given the prevalence of wireless networks out there... we've had a number of reports of in-the-wild MITM attacks by wireless network operators.
but they do receive all kinds of URL lures.
Yes, most of these are trying to phish sites that are normally SSL, so we should be making it very easy to tell when a site is not SSL or doesn't have the expected hostname over SSL. Making non-SSL sites look more like SSL ones even by similarly highlighting the hostname is asking for trouble.
-Boris _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
