the current threat model for private browsing mode doesn't include network attackers and is very limited in scope.
another very common MITM situation is a captive portal on public wireless. personally, i'm reluctant to conflate network attacks with private browsing mode, i believe it's already difficult for users to understand what private browsing mode does and doesn't protect against and i think this would make it more so. IMO, it would be more productive to focus on captive portal detection and more specific/differentiated SSL warnings for all browsing modes. thanks, ian ----- Original Message ----- From: "Gervase Markham" <g...@mozilla.org> To: mozilla-dev-secur...@lists.mozilla.org Sent: Wednesday, March 27, 2013 2:29:58 AM Subject: Warnings about non-default certs in Private Browsing Mode? I wanted to raise a suggestion from John Nagle to the status of a new thread. John suggested that, in Private Browsing Mode only, Firefox should inform the user if they make a secure connection using a certificate which is not one of the default set in NSS's root store. The logic is that if a user is using PBM, they are unlikely to be browsing their own intranet, or other location where the certificate chains up to a manually-installed cert. Therefore, if one is being used, they are likely to be being MITMed. They may have consented to this, e.g. at a workplace - hence the suggestion that this is a prominent user interface indicator, e.g. a non-dismissable infobar, rather than a blocking page or red scary warning. Do people think this makes any sense? Gerv _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security