* JeffH: > We wish to bring the following draft specification to your attention.. > > Strict Transport Security (STS) > <http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges- > strict-transport-sec-05.plain.html>
Does this address the lack of enforcement of the EV certificate security level (i.e. it is usually sufficient to get any browser-recognized certificate if I want to attack an EV site, *without* disabling the EV UI)? _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
