> > Well, the list of IPs has been passed to Google, who are now able to > warn people accessing Google from those IPs that there is a problem. So > there are both good and bad sides to it. >
Sure. But I think users would be very surprised to find that every time they visit a SSL site, some server somewhere is noting down what site they visited, and when. -devdatta >> Does Mozilla have a policy on such >> behavior (maybe this question should be on dev.security.policy) ? I >> feel like CAs should be explicitly told (by Mozilla) to not log OCSP >> requests. > > No policy at the moment. > > Gerv > _______________________________________________ > dev-security mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security > _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
