Jean-Marc Desperrier wrote:
Ian, I have not much time now, but the hungarian cert in question is
*not* using the monetary limit extension, only the extension to say it
is a qualified certificate, which consists just of an OID and is
therefore easy to parse.
OK, that's good to know that there is
Ian G wrote:
[...]
So the task for the Euro cert in question [...]
[...]
What planet are these guys on? What are we supposed to do, run it
through a web translation engine?
It certainly opens a can of worms. I asked
around for any experience of these things,
but got no answers on the cryptography
http://202.108.69.147/webscr/
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
Jean-Marc Desperrier wrote:
Gervase Markham wrote:
- The text used to explain the feature isn't at all clear to average
users. What is an "encrypted security key"? What does it mean if it's
missing? The message bar doesn't say.
+1 I thought it would be *really* obscure for the average user.
Ok,
Gervase Markham wrote:
HJ wrote:
Anyway, you may, or may not, nitpick about the used text and what not,
but a fact is a fact, this works for MultiZilla users, but what do you
think about this?
So this is an implementation of "New Site", from
http://www.gerv.net/security/phishing-browser-defences.
Gervase Markham wrote:
- The text used to explain the feature isn't at all clear to average
users. What is an "encrypted security key"? What does it mean if it's
missing? The message bar doesn't say.
+1 I thought it would be *really* obscure for the average user.
_
CarlosRivera writes:
> I disagree with you. If you have only session cookies allowed, a
> browser in one process would have a much more difficult time accessing
> the cookies in the other process whereas being in the same process it is
> very easy for a browser javascript security permission to
I disagree with you. If you have only session cookies allowed, a
browser in one process would have a much more difficult time accessing
the cookies in the other process whereas being in the same process it is
very easy for a browser javascript security permission to allow it.
This is merely on
