Re: Intent to Ship: Move Extended Validation Information out of the URL bar

ot;. Before browsers started showing dire warnings on non-secure pages, basically no phishing site bothered with SSL at all, since their target audience simply didn't notice anything wrong. -- begin .sig < Jernej Simončič ><>◊<>< jernej|s-ng at eternallybored.org > en

Re: Useful Heuristics

ething there (and then reject - or --). -- begin .sig < Jernej Simončič ><>◊<>< jernej|s-ng at eternallybored.org > end ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: Remediation Plan for WoSign and StartCom

you don't have your phone number published in a directory, since they use it for validation). It took about a week from applying for the certificate to getting it issued. When I was buying the certificate, I found a 25% discount code on some 3rd party website. -- begin .sig < Jernej Simončič &

Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

some warehouse far longer than 3 months in the past. -- begin .sig < Jernej Simončič ><>◊<>< jernej|s-ng at eternallybored.org > end ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: SSL Certs for Malicious Websites

nd wget, netcat for Windows). Luckily, the worst that came from it were some e-mail exchanges and a lengthy phonecall with my ISP, but I know of people who lost their hosting thanks to having files that were similarly triggering false antivirus alerts. -- begin .sig < Jernej Simončič &

Re: Proposal: Switch generic icon to negative feedback for non-https sites

the page area)? -- begin .sig Jernej Simončič ◊ jernej|s-ng at eternallybored.org end ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy