Re: Intent to deprecate: Insecure HTTP
> > Note that Firefox does not presently support either DANE or DNSSEC, > so we don't need to distinguish these. > > -Ekr > Nor does Chrome, and look what happened to both browsers... http://www.zdnet.com/article/google-banishes-chinas-main-digital-certificate-authority-cnnic/ ...the keys to the castle are in the DNS registration process. It is illogical not to add TLSA support. ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Intent to deprecate: Insecure HTTP
I think that you'll need to define a number of levels of security, and decide how to distinguish them in the Firefox GUI: - Unauthenticated/Unencrypted [http] - Unauthenticated/Encrypted [https ignoring untrusted cert warning] - DNS based auth/Encrypted[TLSA certificate hash in DNS] - Ditto with TLSA/DNSSEC - Trusted CA Authenticated[Any root CA] - EV Trusted CA [Special policy certificates] Ironically, your problem is more a GUI thing. All the security technology you need actually exists already... ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform