On Mon, Jan 4, 2016 at 12:46 PM, Jesper Kristensen < moznewsgro...@something.to.remove.jesperkristensen.dk> wrote:
> Den 04-01-2016 kl. 19:45 skrev Daniel Holbert: > >> On 01/04/2016 10:33 AM, Josh Matthews wrote: >> >>> Wouldn't the SSL cert failures also prevent submitting the telemetry >>> payload to Mozilla's servers? >>> >> >> Hmm... actually, I'll bet the cert errors will prevent Firefox updates, >> for that matter! (I'm assuming the update-check is performed over HTTPS.) >> > > If I remember correctly, update checks are pinned to a specific CA, so > updates for users with software that MITM AUS would already be broken? That was removed awhile ago in favor of using mar signing as an exploit mitigation. > > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform