On Mon, Sep 22, 2014 at 10:52 PM, Chris Palmer pal...@google.com wrote:
Quite so. My point in this thread was: If we are going to change the
definition of what an origin is, the most security-meaningful change
would be to tie cryptographic identities to origins, rather than
anything else; and,
- Original Message -
From: s...@gmx.ch
To: dev-security-policy@lists.mozilla.org
Sent: Monday, 22 September, 2014 9:28:39 PM
Subject: Re: Indicators for high-security features
On 22.09.2014 at 14:56, Henri Sivonen wrote:
On Wed, Sep 17, 2014 at 6:20 PM, Richard Barnes
On Tue, Sep 23, 2014 at 8:08 PM, fhw...@gmail.com wrote:
I'm sure blocking such http requests would break some sites but has anyone
performed research or analysis into how big the problem is? Is there a user
option to force them to be blocked?
Download Firefox Nightly, browse the web, and
On Tue, Sep 23, 2014 at 11:08 AM, fhw...@gmail.com wrote:
So what is the reason to use HSTS over a server initiated redirect? Seems to
me the latter would provide greater security whereas the former is easy to
bypass.
You have it backwards.
http://www.thoughtcrime.org/software/sslstrip/
On Tue, Sep 23, 2014 at 01:08:13PM -0500, fhw...@gmail.com wrote:
So what is the reason to use HSTS over a server initiated redirect? Seems
to me the latter would provide greater security whereas the former is easy
to bypass.
On the contrary, HSTS is much harder to bypass, because the browser
Krajowa Izba Rozliczeniowa (KIR) S.A. has applied to include the “SZAFIR
ROOT CA” root certificate and enable all three trust bits.
KIR S.A. is a private corporation in Poland which currently mainly
issues qualified certificates for general public and plans to issue
non-qualified certificates
One thing leaps out at me immediately: these test certificates. They
appear to be issued from the same CA as the regular certificates, but s3.2
states, "In case of test certificates they may be issued remotely *without
the necessity to verify the subscriber's identity*." That seems... bad.
So I read through RFC 6797 and see that some of my concerns are addressed there. Still, I would like to have a better understanding of Mozilla's implementation since there is user agent flexibility that's open to interpretation. One other thing that isn't clear to me is how complete the Mozilla