On Sun, Jul 20, 2014 at 3:23 AM, Hubert Kario <hka...@redhat.com> wrote:
> and while we're at it, let's get rid of those warnings about self
> signed certificates -- they are less insecure than HTTP (Firefox actually
> uses certificate pinning for sites with previously waived cert problems!)
> so let's not treat them worse than HTTP connections

I'm pretty sure Firefox merely remembers your decision to click through the warning, not that it pins the keys/certificates in the chain you clicked through on. Although I have proposed that for certain use-cases, its applicability is limited — will people know how to recover if the key(s) change(s)?

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy