On Wed, Sep 23, 2015 at 2:55 PM, R Kent James <[email protected]> wrote:
> On 9/23/2015 1:25 PM, Eric Mill wrote:
>
>> Except in both of these cases -- removing TLS fallback to v1.0, and raising
>> DH parameter minimums -- Chrome joined Firefox in doing so. Firefox went
>> out first, and so that was the first impression people got, but Chrome's
>> policies are no less strict. In at least some enterprises, "everyone use
>> IE" is no longer a viable long-term recommendation, and I get the strong
>> sense that Chrome and Firefox's positions will force positive change. I
>> definitely see it happening around me.
>>
>> -- Eric
>>
> So then perhaps you can address the second half of my question, since that
> seems to be the position that you take:
>
> "If not, and we are proud of our record in all of these cases, what can be
> done to better educate the world about why all of this user grief was in
> fact for the greater good?"
>

I'd phrase it instead as: what can be done to educate people responsible for deploying/buying enterprise software deployment that a rapid update path for all software/protocols/ciphers/certificates is a critical prerequisite for performing their job responsibly?

> :rkent
>
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy
>

--
konklone.com | @konklone <https://twitter.com/konklone>

