On Tue, 12 Jan 2016, Peter Gutmann wrote:
Or we ensure that Firefox and Chrome refuse to see those sites at all,
because they refuse a downgrade attack.
So users will switch to whatever browser doesn't block it, because given the
choice between connecting to Facebook insecurely or not

It really isn't a good idea for Mozilla to try to mitigate the
security concerns of people living in a police state. The cost of
doing so is you will set precedents that others demand be respected.
Yes providing crypto with a hole in it will be better than no crypto
at all for the people who

The Mozilla Trusted Root program can and should police violations of the
Mozilla Trusted Root program, and any other fraudulent *publicly trusted*
certificates. That's non-controversial.
Policing violations of more general social norms -- by choosing to actively
distrust non-publicly-trusted

On Tue, Jan 12, 2016 at 11:46 AM, Jakob Bohm wrote:
> On 12/01/2016 16:49, Phillip Hallam-Baker wrote:
>>
>> It really isn't a good idea for Mozilla to try to mitigate the
>> security concerns of people living in a police state. The cost of
>> doing so is you will set

Paul Wouters writes:
>> If you disallow the cert and turn off encryption, Borat can still read
>> everyone's traffic, but so can everyone else on the planet.
>
>Who said "turn off encryption"?
If you don't allow the MITM cert, which is needed to enable encryption in the

On Mon, 2016-01-11 at 19:45 +0100, Jakob Bohm wrote:
> He is obviously referring to the fact that refusing to encrypt using
> the MiTM certificate would force users to access their e-mails (etc.)
> using unencrypted connections (plain HTTP, plain IMAP, plain POP3
> etc.), thus exposing themselves

On Mon, Jan 11, 2016 at 1:45 PM, Jakob Bohm wrote:
> On 09/01/2016 19:22, Kai Engert wrote:
>>
>> On Sat, 2016-01-09 at 14:11 +, Peter Gutmann wrote:
>>>
>>> That would have some pretty bad consequences. With the MITM CA cert
>>> enabled,
>>> Borat [0] can read every

On 09/01/2016 19:22, Kai Engert wrote:
On Sat, 2016-01-09 at 14:11 +, Peter Gutmann wrote:
That would have some pretty bad consequences. With the MITM CA cert enabled,
Borat [0] can read every Kazakh user's email, but no-one else can. With the
MITM CA blacklisted, Borat can still read

Kai Engert writes:
>Independently of the request for inclusion, this group could discuss if the
>Kazakhstan's CAs should be blacklisted, by adding them to the Mozilla CA list
>using negative distrust flags
That would have some pretty bad consequences. With the MITM CA cert

On Sat, 2016-01-09 at 14:11 +, Peter Gutmann wrote:
> That would have some pretty bad consequences. With the MITM CA cert enabled,
> Borat [0] can read every Kazakh user's email, but no-one else can. With the
> MITM CA blacklisted, Borat can still read every Kazakh user's email, but so
> can
10 matches