On Mon, 2016-01-11 at 19:45 +0100, Jakob Bohm wrote:
> He is obviously referring to the fact that refusing to encrypt using
> the MiTM certificate would force users to access their e-mails (etc.)
> using unencrypted connections (plain HTTP, plain IMAP, plain POP3
> etc.), thus exposing themselves to wiretapping by parties other than
> the government in question.

Thanks for the hint!

Nowadays many Internet services no longer offer the choice to connect without TLS. Many popular sites accessed using http immediately redirect to https.

So, blacklisting the CA would have a mixed effect. Forced plaintext for those services that still allow plaintext, and blocked connectivity for those that require TLS (affecting all software that doesn't allow overriding blacklisted certificates, such as Firefox).

Kai
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy