On Wed, 11 Apr 2012 11:20:17 -0700 Eric Chen wrote: > We are also interested in a defense for this. The defense that we came up > with is actually very similar to proposal 1) and 3)
If you can work it without STS, do so as anything that turns users away will not get widespread adoption especially as STS appears to be seen as quite fallible. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security