HJ wrote:
My question was if you are forcing people to look at punycode all the time, like now, but you already answered my question.

What TLDs are considered to be safe at the moment (the same ones as Opera checks in Beta 8)?

At the moment, none. Firefox 1.0.1 was released very soon after the story broke, and we only had time to make a simple change. So, we changed it to punycode for everyone.


Cool, so Mozilla Firefox won't re-enable the statusbar automatically?

Nope, I don't think so. We might one day do this for popups, perhaps. Interesting idea.


So people are forced to trust other people, without having the option to clear it manually.

If you are using a computer you don't control totally, you are trusting other people.


Man, I'm sure that this will make people mad, just wait and see, because it is still a privacy issue, especially when someone writes an extension to display all of your hash keys :-)

I don't think you quite understand how the hash keys work.

The hash keys would be things like:

ab4b23d7254fa03ffce57e949fefa935
bdb6b31090e340968767e2f3b3cc6c9c
49623feff08b060d00b9b594b47ff508

You can't reverse them to get the domain names back out again.

You can hash a particular domain and say "has the user visited https://www.foo.com?" (which is the question the browser needs to know to do the "new site" indicator). But you can't say "give me a list of all the domains they visited."

Note that the hash would include a user-specific component, so online dictionaries of hash values wouldn't be any use.

Gerv
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
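
Added example (not part of the message above and not Mozilla code): a sketch of the keyed-hash lookup the message describes, answering "has the user visited this host?" without storing host names. It assumes HMAC-SHA-256 with a random per-user key as the "user-specific component"; the class and method names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Set


class VisitedSiteStore:
    """Remembers visited hosts only as keyed hashes (hypothetical design sketch)."""

    def __init__(self, user_key: Optional[bytes] = None):
        # Per-user secret (assumption): without it, a precomputed dictionary
        # of hash(domain) values cannot be matched against the stored keys.
        self._key = user_key if user_key is not None else secrets.token_bytes(32)
        self._seen: Set[str] = set()

    def _digest(self, host: str) -> str:
        # Canonicalise first so "WWW.Foo.com." and "www.foo.com" share one
        # entry; the idna codec maps IDN labels to their punycode form.
        canonical = host.strip().rstrip(".").lower().encode("idna")
        return hmac.new(self._key, canonical, hashlib.sha256).hexdigest()

    def record_visit(self, host: str) -> None:
        self._seen.add(self._digest(host))

    def has_visited(self, host: str) -> bool:
        # The only question the store can answer: membership of one host.
        return self._digest(host) in self._seen

    def stored_keys(self) -> List[str]:
        # What an extension reading the store would see: opaque digests.
        return sorted(self._seen)


if __name__ == "__main__":
    # Constructed sample data: two users who visit the same host.
    alice = VisitedSiteStore()
    bob = VisitedSiteStore()
    for store in (alice, bob):
        store.record_visit("www.foo.com")

    print("alice visited www.foo.com:", alice.has_visited("WWW.Foo.com."))
    print("alice visited www.bar.example:", alice.has_visited("www.bar.example"))
    # Same host, different per-user keys: the stored values do not match,
    # so one user's digests say nothing about another user's history.
    print("alice key:", alice.stored_keys()[0])
    print("bob key:  ", bob.stored_keys()[0])
```

Anyone who holds both the per-user key and the stored digests can still test individual candidate hosts, which is the same membership check the browser itself performs.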
