On 02/04/13 12:20, Florian Weimer wrote: > In a corporate setting, intercepting proxies are fairly common, and > displaying a warning would be annoying to users. (Didn't some browser > vendor already try that?)
It depends what UI you use. For example, if we had a red padlock... ;-) Seriously, that seems to be saying "users don't want to be bothered with the fact that their connection to their bank is being MITMed". I'm really not sure that's true. They may know in theory that network ops has this ability, but that's easy to forget; much better, when they have a lapse of memory and visit hsbc.com on their work computer, to have some sort of alert. Gerv _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security