What should we do with sites with incomplete certificate chains? I just noticed that my Firefox will download extra certificates on the fly (and so doesn't complain about the missing certificate(s)) while the Firefox instance that starts by calling ./test.sh --justrun will not (and perhaps neither other clients).
Should we write a rule for such a site (e.g. bundesrat.de) or should their implementation be regarded as broken?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
