On Wed, Sep 17, 2014 at 11:20 AM, Richard Barnes <[email protected]> wrote:
> Anne suggested an idea to me that I thought would be interesting for this
> group. Consider this email a rough sketch of an idea, not any sort of plan.

broadly speaking I really favor this kind of thing.

I would caution a bit about lumping in the transport bits (tls versions, forward secrecy, etc.) that don't have some kind of pinning opt-in.. a host might use N servers across a mesh of different CDN providers - each provisioned with the same cert and key, that use different ciphersuites.. if we awarded a security badge from an interaction with one node and took it away when you were subsequently load balanced that sends an implicit signal of distrust that we wouldn't be sending for another site where the badge never appeared at all.

Some kind of transport-feature-pinning feature would solve it.. or perhaps even a "pin to >= h2" feature which carries a lot of the best practices you want as guarantees might be sufficient.

just thinking out loud..

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

