On Saturday, August 16, 2014 8:45:15 AM UTC-7, [email protected] wrote: > Hello world! > > > > We need votes for security bugs! > > > > Adding "Security Exception" for self-signed HTTPS sites cannot be done > > permanently > > https://bugzilla.mozilla.org/show_bug.cgi?id=1050100 > > > > Firefox 31 doesn't supports the industry recommended best HTTPS > > ciphers > > https://bugzilla.mozilla.org/show_bug.cgi?id=1051210 > > > > Other browsers should have the same bugs fixed.. > > > > p.s.: We are not related to this group, but we think they worth a > > penny or two: > > http://www.openbsdfoundation.org/donations.html > > http://www.libressl.org/ > > > > Good luck. Be safe..
I can't remember where the hell I read the thread and google is failing me, but the arguments against using 256 bit AES in modern browsers were basically this: -256-bit AES doesn't add very much security when an attack on 128-bit is still so far off -256-bit AES is slower than 128-bit -256-bit AES would be more vulnerable to a theoretical timing attack If anyone can remember where this was posted or if it's down right wrong, please let me know. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
