Gervase Markham wrote: > I was giving the example of e.g. Google AdWords, where content on your > site is served from a 3rd-party site. So not all of the site can be > served by the same certificate. Parts will be your certificate, and > parts will be Google's. > OK...understand...Your example above raises another few questions:
1.) Are Google AdWords secured by SSL to start with? 2.) Should secured pages include such content as third party adverts, third party analytics and other stuff which might track movement and content to a third party? Personally I think this would be a basic breach of the initial purpose of privacy and encrypting content. I'd rather not supply my personal details to (secured) site which has all kinds of third party scripts included... To all of my knowledge Google Analytics and AdWords aren't secured by SSL and inclusion of it would downgrade regular SSL connections (broken lock) anyway. So perhaps the initial question of this thread is really important and I suggest to require same certificate (or at least same level) per site. It makes sense in my opinion... -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Phone: +1.213.341.0390 _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
