On 7/4/2012 7:07 PM, Daniel Veditz wrote:
If we implement cert pinning we'll either have to allow that kind of
business to disable it, or write off our users who work for
companies with that kind of control freakery. It's more common than
you'd think, some of our own Mozilla community members work for
companies with that kind of policy.
Any bypass mechanism should result in a user-visible display.
Perhaps a notification like "Your access to this page is being
observed by ...."
John Nagle
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
