HJ wrote:
So you are forcing all people to look at punycode all the time, even if that makes it worse? What if I have a punycode look alike domain? Yeah, that will make it harder I guess.
Nope, we're never going to display the punycode and Unicode at the same time. It'll always be one or the other, depending on whether we trust the TLD not to issue homographic domains to different people.
My question was if you are forcing people to look at punycode all the time, like now, but you already answered my question.
What TLD's are concidered to be save at the moment (the same onces as Opera checks in Beta 8)?
How is this prevented by a Master Password? After you've typed the password in, the extension writer can then steal your data.
Bad extensions may be an issue, but they are unrelated to this one.
Yeah, just like I can real all of your password, with or without you knowing it, so that is crap in my eyes already!
What if I hide my status bar? Are you (Mozilla Firefox) re-enabling "MY" statusbar, just to be able to display that silly lock and text again?
That's your choice to do so.
Cool, so Mozilla Firefox won't re-enable the statusbar automatically?
> This is a problem for the Internet Cafe to deal with in their software
configuration. E.g. EasyInternetCafe completely wipes the computer and restarts between customers; this action would (obviously) clear the SSL history. But there won't be a button or UI to do it.
So people are forced to trust other people, without having the option to clear it manually.
Man, I'm sure that this will make people mad, just wait and see, because it is still a privacy issues, especially when someone writes an extension to display all of your hash keys :-)
/HJ _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
