On Tuesday, 13 August 2013 00:59:24 UTC+3, Tanvi Vyas wrote: > I filed a bug for this and welcome feedback and > suggestions: https://bugzilla.mozilla.org/show_bug.cgi?id=903211.
Thanks for the pointers. I added a comment to that bug. > On a side note, Ian mentioned a "neutral" mode for SSL, and I'm unclear > on what that is referring to. Some context would be helpful. I cannot speak for Ian, but I'd guess "neutral" mode means something along the lines "use encrypted connection but do not show any additional 'secure' UI decorations". That would be suitable for cases where site wants to protect the user input and site output but there's no need to convince the user that the *site* is secure. Kind of "this is normal content that just happens to be transferred over secure link, allow all stuff that would be allowed if the host document used HTTP connection". If my interpretation is correct, this is exactly the mode which is required for painless transition to fully encrypted mode in the future. Currently either you convert all content to HTTPS connections and do not embed any HTTP content, or you cannot use HTTPS connection for the host document. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
