I'm not sure that's within the scope of private browsing mode. Private browsing mode offers users privacy on their local machine, but does not offer any extra privacy w/r/t external parties. I think the warning when a user enters private browsing mode tries to make this clear. ( https://wiki.mozilla.org/PrivateBrowsing#Making_Sure_the_User_has_the_Correct_Mental_Model )
However, I do think that the caching behavior is a bug, since that impacts user privacy on the client. On Tue, Sep 6, 2011 at 11:07 AM, Devdatta Akhawe <[email protected]>wrote: > > > > Well, the list of IPs has been passed to Google, who are now able to > > warn people accessing Google from those IPs that there is a problem. So > > there are both good and bad sides to it. > > > > Sure. But I think users would be very surprised to find that every > time they visit a SSL site, some server somewhere is noting down what > site they visited, and when. > > -devdatta > > > >> Does Mozilla have a policy on such > >> behavior (maybe this question should be on dev.security.policy) ? I > >> feel like CAs should be explicitly told (by Mozilla) to not log OCSP > >> requests. > > > > No policy at the moment. > > > > Gerv > > _______________________________________________ > > dev-security mailing list > > [email protected] > > https://lists.mozilla.org/listinfo/dev-security > > > _______________________________________________ > dev-security mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security > _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
