Thank you for posting a summary of your meetings and discussion.
mozilla.dev.tech.crypto is the newsgroup for NSS and PSM.
Wan-Teh Chang
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
On 09/04/2011 00:52, Adam Barth wrote:
- CA locking functionality in HSTS or via CAA
There's significant interest in this feature from chrome-security
as well.
What about EV locking ?
How does a site change CA after he's started enabling CA locking.
Would you enable multiple CA locking
On Fri, Apr 8, 2011 at 4:02 PM, Jean-Marc Desperrier jmd...@free.fr wrote:
On 09/04/2011 00:52, Adam Barth wrote:
- CA locking functionality in HSTS or via CAA
There's significant interest in this feature from chrome-security
as well.
What about EV locking ?
How does a site change
On 04/09/2011 01:52 AM, From Adam Barth:
There's significant interest in this feature from chrome-security
as well.
There is however a very limited benefit and would only prevent a
particular type of failure if at all. The enforcement for it would have
to be baked into the client
On Sat, Apr 9, 2011 at 10:44 AM, Eddy Nigg eddy_n...@startcom.org wrote:
On 04/09/2011 01:52 AM, From Adam Barth:
There's significant interest in this feature from chrome-security
as well.
There is however a very limited benefit and would only prevent a particular
type of failure if at
On 04/09/2011 10:32 PM, From Adam Barth:
Yes. Certificate (or CA) pinning in HSTS is an agreement between a
web site and a browser.
Excellent! Even though I assume that this still prevents only a
particular failure and probably should never be a substitute or shifting
of responsibilities