> So far, we've taken the stance that we should avoid treating Google > specially. Perhaps it is time to admit that perfect is the enemy of > the good here. We should find some way to work with Google and other > Google-like targets to get their SSL-related metadata preloaded into > Firefox sooner than our current policy would otherwise allow.
Is there a clear set of requirements in terms of what we need to support for Google? Are there similar issues for FB, Twitter, and other major properties? I think that aiming for the whole web as a starting point could be painful, but starting with the Alex Top X (1000 or so) to start to shake out any major issues, the moving to the top million, and then the web would allow us to deal with the "high priority" sites that would impact useability. Am I being to conservative on this? Otherwise I totally agree with your proposal, and would like to know how we can help on the automation side of things to make sure those lists are generated and kept up to date. Cheers, Yvan Boily _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security