On Thursday, 22 August 2013 09:09:06 UTC+3, Mikko Rantalainen wrote:
> If we really believed that shorter lifetime is required for the keys,
> we would be replacing those CA keys already.
I'd like to add that in my opinion, the lifetime should be decided by the user
agent (default
On Friday, 16 August 2013 12:01:51 UTC+3, Gervase Markham wrote:
> On 15/08/13 11:22, Mikko Rantalainen wrote:
>
> > No. The site's public key does not need to be changed to request a
> > new certificate.
>
> Technically, no. But there are other occasions on
On Thursday, 15 August 2013 12:23:18 UTC+3, Gervase Markham wrote:
> On 14/08/13 07:09, Mikko Rantalainen wrote:
>
> > I'd say that such a bookmark would be highly probably safe, if that
> > bookmark did include fingerprint for the site public key (*not CA key
> >
On Wednesday, 14 August 2013 12:03:22 UTC+3, Kevin Chadwick wrote:
> > Say you have an HTTPS bookmark to your bank. You visit it (your techie
> > friend told you "always use this bookmark for your bank, and you'll be
> > safe"),
>
> So now you trust a user writable reference over a non writable i
On Wednesday, 14 August 2013 12:21:15 UTC+3, Kevin Chadwick wrote:
> > This is because the cheapest CAs do such bad work that the
> > security is very close to a self-signed cert.
>
> Please show me evidence of startssl being less secure than some of the
> big CAs that have had major incidents. You o
On Tuesday, 13 August 2013 14:59:15 UTC+3, Gervase Markham wrote:
> On 13/08/13 08:44, Mikko Rantalainen wrote:
>
> > I cannot speak for Ian, but I'd guess "neutral" mode means something
> > along the lines "use encrypted connection but do not show any
On Tuesday, 13 August 2013 00:59:24 UTC+3, Tanvi Vyas wrote:
> I filed a bug for this and welcome feedback and
> suggestions: https://bugzilla.mozilla.org/show_bug.cgi?id=903211.
Thanks for the pointers. I added a comment to that bug.
> On a side note, Ian mentioned a "neutral" mode for SSL, an
On Monday, 12 August 2013 11:27:59 UTC+3, ianG wrote:
> The only 'solution' is really to put everything into the secure side.
Unfortunately, I cannot control everything. I'm authoring a kind of CMS system
for educational use and I need to support user authored content. The whole
system uses onl
I had totally missed that Firefox 23 turned on Mixed Content blocking. What is
the rationale for that?
I'm aware that MSIE blocked mixed content but I always considered that a bug.
In short, I see mixed content blocking pros and cons as follows:
Pros:
(1) Avoid MitM attack for HTTPS sites that