On 9/23/2015 1:25 PM, Eric Mill wrote:
Except in both of these cases -- removing TLS fallback to v1.0, and raising
DH parameter minimums -- Chrome joined Firefox in doing so. Firefox went
out first, and so that was the first impression people got, but Chrome's
policies are no less strict. In at least some enterprises, "everyone use
IE" is no longer a viable long-term recommendation, and I get the strong
sense that Chrome and Firefox's positions will force positive change. I
definitely see it happening around me.
-- Eric
So then perhaps you can address the second half of my question, since
that seems to be the position that you take:
"If not, and we are proud of our record in all of these cases, what can
be done to better educate the world about why all of this user grief was
in fact for the greater good?"
:rkent
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
