On 09/23/2011 04:19 AM, Justin Wood (Callek) wrote: > On 9/23/2011 5:36 AM, Paul B. Gallagher wrote: > ... >> Full article (Mozilla stuff on p. 2): >> <http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/> >> > > ALSO > http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091611 > > Lastly, > It is unclear at this point if the attack can be replicated in Firefox > [Gecko] 7, which has the newer WebSocket protocol. We're working to get > an answer from the bug reporters. > > For further discussion on this threat, I suggest m.d.platform rather > than the SeaMonkey list, since its not just a SeaMonkey Issue...
http://www.mozilla.org/about/forums/ I'm curious why you recommend: mozilla.dev.platform For people working on Mozilla-the-platform. rather than: mozilla.dev.tech.crypto For discussions about cryptography, and cryptographic issues surrounding the Mozilla source code. See the PKI project for more info. (Moderated.) or mozilla.dev.security Security issues such as specific security problems or ideas for making the code as a whole more secure can be discussed here. Cryptography, however, is not within this group's charter. (Moderated.) Note: not disputing your recommendation; just trying to understand why when the others (security & crypto) seem closer to the issue. _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
