Florian Weimer wrote:
Most users are not subject to MITM attacks
This may or may not be true given the prevalence of wireless networks
out there... we've had a number of reports of in-the-wild MITM attacks
by wireless network operators.
but they do receive all kinds of URL lures.
Yes,
On 03/04/2009 03:36 PM, Boris Zbarsky:
Florian Weimer wrote:
Most users are not subject to MITM attacks
This may or may not be true given the prevalence of wireless networks
out there... we've had a number of reports of in-the-wild MITM attacks
by wireless network operators.
Yes, many
Eddy Nigg wrote:
[...] When do we expect SSL? On submit or on
password fields in a form[...]
IF page contains form
AND form contains password field
THEN flash insecure form warning
Could be done. But there would better be a cross browser agreement on
this. And coupled with a way to offer
On 4-Mar-09, at 8:36 AM, Boris Zbarsky wrote:
Florian Weimer wrote:
Most users are not subject to MITM attacks
This may or may not be true given the prevalence of wireless
networks out there... we've had a number of reports of in-the-wild
MITM attacks by wireless network operators.
On 03/04/2009 04:18 PM, Jean-Marc Desperrier:
Eddy Nigg wrote:
[...] When do we expect SSL? On submit or on
password fields in a form[...]
IF page contains form
AND form contains password field
THEN flash insecure form warning
Could be done. But there would better be a cross browser
On 03/04/2009 04:28 PM, Johnathan Nightingale:
no website can spoof the EV appearance of the site identity
button and, with the ssl_domain_display pref set to non-zero, (and
appropriate care given to IDN issues), they can't for regular SSL either.
Right, and I'm extremely glad that we are
This kind of thing?
https://addons.mozilla.org/en-US/firefox/addon/8128
On 4-Mar-09, at 9:42 AM, Eddy Nigg wrote:
On 03/04/2009 04:28 PM, Johnathan Nightingale:
no website can spoof the EV appearance of the site identity
button and, with the ssl_domain_display pref set to non-zero, (and
On 03/04/2009 04:48 PM, Johnathan Nightingale:
This kind of thing?
https://addons.mozilla.org/en-US/firefox/addon/8128
It looks nice! I think it should also turn red if the starting page is
unsecured, not only the landing page, but technically this would not be
correct. However I'd fee