Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-16 Thread David E. Ross
On 9/15/2015 8:51 AM, Kathleen Wilson wrote [in part]: > Yes. My plan is to publish the DRAFT of version 2.3 of the policy and > list the changes, and then send a CA Communication to be sure they are > all aware of the proposed changes and give them time to respond. So, it > is very possible th

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-16 Thread Man Ho (Certizen)
On 9/17/2015 10:26 AM, Peter Kurrasch wrote: > As a counter example, consider that some in-car entertainment systems > offer (or want to offer) "downloadable app" capabilities. Obviously, Mozilla's position is that it should be the car manufacturer's responsibility to maintain their own trust lis

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-16 Thread Peter Kurrasch
It sounds as though the decision has been made, then: the code sign trust bit is out as are the pertinent certs. With Gerv giving a repeated "best regards" to the BR I don't think any other conclusion could be dr

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread Daniel Micay
Chrome has pinning too (in fact, Firefox's baseline list for HSTS and pinning is extracted from there). AFAIK, Mozilla just didn't ask for their domains to be pinned in Chromium. I don't think lack of support for MITM attacks is a bug that should be addressed. It's a security liability even when us

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread AnilG
On Thursday, 17 September 2015 09:27:15 UTC+10, s...@gmx.ch wrote: > MITM is *always* bad and breaks the web. Modern browsers, especially > Firefox, have great features to protect the users and this is something > good. I'm pretty sure your students don't even know, that you attack > their connect

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread sjw
Yes, some hosts are pinned: https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json MITM is *always* bad and breaks the web. Modern browsers, especially Firefox, have great features to protect the users and this is something good. I'm pretty sure your students d

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread AnilG
On Thursday, 17 September 2015 08:02:21 UTC+10, David Keeler wrote: > On 09/16/2015 02:51 PM, AnilG wrote: > > Thanks Kathleen, those links might be helpful. I'm following them up in > > Chrome because there's another issue blocking them for Firefox: Secure > > Connection Failed. The connection

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread David Keeler
On 09/16/2015 02:51 PM, AnilG wrote: > Thanks Kathleen, those links might be helpful. I'm following them up in > Chrome because there's another issue blocking them for Firefox: Secure > Connection Failed. The connection to wiki.mozilla.org was interrupted while > the page was loading. The page y

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread AnilG
On Wednesday, 16 September 2015 18:14:28 UTC+10, Kurt Roeckx wrote: > On 2015-09-15 02:12, Anil Gulati wrote: > > So I'd agree Firefox is not being too strict (in this scenario anyway - I > > had previous issues a few months ago where Chrome worked and Firefox > > didn't) but Firefox does have the

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread Kurt Roeckx
On Wed, Sep 16, 2015 at 02:51:28PM -0700, AnilG wrote: > > there's another issue blocking them for Firefox: Secure Connection Failed. > The connection to wiki.mozilla.org was interrupted while the page was loading. I wonder if firefox is using certificate pinning for *.mozilla.org. Kurt _

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread AnilG
On Thursday, 17 September 2015 04:00:22 UTC+10, Kathleen Wilson wrote: > On 9/16/15 1:13 AM, Kurt Roeckx wrote: > > I think they can distribute the certificate for use by chrome and > > internet explorer by using the group policy and so it's trivial for them > > to distribute it to all the PCs. I

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread Kathleen Wilson
On 9/16/15 1:13 AM, Kurt Roeckx wrote: I think they can distribute the certificate for use by chrome and internet explorer by using the group policy and so it's trivial for them to distribute it to all the PCs. It might be a little bit more complicated to do the same for Firefox. We have some

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread Kurt Roeckx
On 2015-09-15 02:12, Anil Gulati wrote: So I'd agree Firefox is not being too strict (in this scenario anyway - I had previous issues a few months ago where Chrome worked and Firefox didn't) but Firefox does have the additional step to install certs in its own certificate database instead of ref