On 24/03/13 16:43, John Nagle wrote:
> If, in private browsing mode, Mozilla can detect a MITM attack,
> the user should be warned with a high-visibility warning.

Er, if we could detect an MITM attack in any mode, there should be a
high visibility warning. :-)

> This includes any cert in the chain with a wildcard bigger than
> one second-level domain.

I'm not entirely sure what you mean here, but NSS now only accepts
certs with the wildcard in the leftmost position.

> The base list of CAs from Mozilla
> used in this mode may be shorter than the main list.

In what way would such a shortening be accomplished?

> Any
> CAs added locally, if allowed at all, should produce a warning.

Now that _is_ an interesting idea. It is unlikely that someone would be
using private browsing mode to browse their own intranet. So it might
make sense to beef up the UI indicators (if not warnings) about using a
non-default-install cert in PBM.

Gerv

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
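An added example, not code from the thread or from NSS, showing the two wildcard rules discussed above as a checker a client could run over the dNSName entries in a chain: the NSS rule that a wildcard may only be the whole leftmost label, and (an assumed reading of Nagle's "bigger than one second-level domain") a rule that the fixed part must still name at least a second-level domain, so "*.com" is flagged while "*.example.com" is not. Function names and the sample chain names are constructed for this illustration.

```python
import re

# RFC-1035-style hostname label: letters, digits, hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def _labels(name: str) -> list[str]:
    return name.lower().rstrip(".").split(".")


def wildcard_pattern_ok(pattern: str) -> bool:
    """True if a dNSName pattern is acceptable: any wildcard must be the whole
    leftmost label (the NSS rule quoted in the thread), and, as an assumed
    reading of Nagle's proposal, the fixed part must name at least a
    second-level domain, so "*.com" is rejected but "*.example.com" is not."""
    labels = _labels(pattern)
    if any("*" in lab for lab in labels[1:]):
        return False                       # wildcard not in the leftmost position
    if "*" in labels[0]:
        if labels[0] != "*":
            return False                   # partial wildcards such as "w*" rejected
        if len(labels) < 3:
            return False                   # "*.com" covers every second-level domain
        labels = labels[1:]
    return all(LABEL_RE.match(lab) for lab in labels)


def host_matches(pattern: str, host: str) -> bool:
    """Match a hostname against an accepted pattern; '*' matches exactly one label."""
    if not wildcard_pattern_ok(pattern):
        return False
    plabels, hlabels = _labels(pattern), _labels(host)
    if len(plabels) != len(hlabels) or not all(LABEL_RE.match(h) for h in hlabels):
        return False
    return all(p == "*" or p == h for p, h in zip(plabels, hlabels))


def overly_wide_names(chain_dns_names: list[str]) -> list[str]:
    """Return the dNSName entries across a chain that fail the policy; a
    non-empty result is the condition the thread says should trigger a warning."""
    return [n for n in chain_dns_names if not wildcard_pattern_ok(n)]


# Constructed sample: dNSName values as they might appear across a chain.
SAMPLE_CHAIN_NAMES = ["www.example.com", "*.example.com", "*.com", "www.*.net"]

if __name__ == "__main__":
    print(overly_wide_names(SAMPLE_CHAIN_NAMES))
```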