Wouldn't it be easier to just decree that HTTPS is illegal and block all
outbound 443 (only plain-text readable comms are allowed)? Then you would not
have the decrypt-encrypt/decrypt-encrypt slowdown from the MITM.
If you don't want to make everyone install a certificate:
Issue a
> As others (and I) have mentioned, MitM is also how many ordinary
> antivirus programs protect users from attacks. The hard part is
> how to distinguish between malicious and user-helping systems.
Sure, but the question is whether MiTM have reasonable security use cases for
ordinary users.
On 19/07/2019 21:13, andrey.at.as...@gmail.com wrote:
I am confused. Since when Mozilla is under obligation to provide customized
solutions for corporate MITM? IMHO, corporations, if needed, can hire someone
else to develop their own forks of Chrome/Firefox to do snooping on HTTPS
On 19/07/2019 16:52, Troy Cauble wrote:
On Thursday, July 18, 2019 at 8:26:43 PM UTC-4, wolfgan...@gmail.com wrote:
Even on corporate hardware I would like at least a notification that this is
happening.
I like the consistency of a reminder in all cases, but this
might lead to corporate
Dana petak, 19. srpnja 2019. u 21:25:05 UTC+2, korisnik saxp...@gmail.com
napisao je:
> I am no expert at these things, so please forgive me if these are elementary
> or dumb questions.
>
> What is different about this certificate compared to the tools the KZ
> government already uses to
I am no expert at these things, so please forgive me if these are elementary or
dumb questions.
What is different about this certificate compared to the tools the KZ
government already uses to block individual websites and apps?
Doesn’t the KZ government already have the ability to read
I am confused. Since when Mozilla is under obligation to provide customized
solutions for corporate MITM? IMHO, corporations, if needed, can hire someone
else to develop their own forks of Chrome/Firefox to do snooping on HTTPS
connections.
In regular browsers, developed by community effort
On Tuesday, January 8, 2019 at 3:12:26 PM UTC-5, Wayne Thayer wrote:
> Thanks Corey, Ryan, and Jonathan.
>
> In one of the bugs that Ryan created, the CA stated that it's not clear if
> or when Mozilla requires revocation of these P-521 certificates. I believe
> the answer is that we do not
On 7/18/2019 9:15 PM, alwayshisforever5183--- via dev-security-policy wrote:
How do I remove the cert root?
Use tools/options, type "cert" in the "find in options" box, then click
"view certificates". Select "authorities" tab. Now examine the list
until you find the certificate(s) you want
While possible, that seems unlikely. Corporates are, in general, not
trying to hide when this is being done.
In fact, there are lots of good legal liability reasons why they should
want their users to be constantly reminded.
On Fri, Jul 19, 2019 at 10:27 AM Troy Cauble via dev-security-policy <
On Thursday, July 18, 2019 at 8:26:43 PM UTC-4, wolfgan...@gmail.com wrote:
> Even on corporate hardware I would like at least a notification that this is
> happening.
I like the consistency of a reminder in all cases, but this
might lead to corporate policies to use other browsers.
Like I said, expect to defend this in House and Senate hearings.
This is a restraint of trade. You are using your market power to impede
development of the market.
Mozilla corp made no complaint when VeriSign deployed Issuer LogoTypes.
On Tue, Jul 16, 2019 at 8:17 PM Wayne Thayer via
W dniu czwartek, 7 stycznia 2016 00:08:10 UTC+1 użytkownik Paul Wouters napisał:
> As was in the news before, Kazakhstan has issued a national MITM
> Certificate Agency.
>
> Is there a policy on what to do with these? While they are not trusted,
> would it be useful to explicitely blacklist
Well, then users will just get accustomed to seeing this indication on
corporate sites and will ignore it.
Regards,
Mucius.
On Friday, July 19, 2019 at 3:26:43 AM UTC+3, wolfgan...@gmail.com wrote:
> I am not a Mozilla developer, nor have I ever been, but I am a user of what I
> consider to
Appeal to the Mozilla Firefox developers
Hello to all!
I'm Software Engineer and citizen of Kazakhstan. This certificate is not
implemented to protect users, but for political reasons. Kazakhstan has a
dictatorship. This is done specifically to block "politically incorrect
content.".
Look
On Thursday, July 18, 2019 at 2:39:51 PM UTC-4, Matthew Hardeman wrote:
> Isn't the logical outcome that the nation-state forks one of the
> open-source browser projects, patches in their MiTM certificate, and
> un-does the blacklisting? I think that's exactly what would happen. The
> trouble
How do I remove the cert root?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
17 matches
Mail list logo