"Keystroke loggers are rapidly becoming the lure of choice for phishers. Their advantage is that they compromise information long before the information has a chance to be encrypted."
http://it.slashdot.org/it/05/05/05/1920253.shtml?tid=172
And IMO this in turn means we should not let ourselves get distracted to the point of single-mindedness by the whole issue of SSL certs and what protection they provide (or should provide), but rather also focus on minimizing the possibility that Firefox and other Mozilla-related products will be vectors for getting keystroke loggers and similar programs onto users' systems. This means not only addressing bugs causing vulnerabilities but also securing the "distribution chain" for Firefox-related code, particularly extensions, including whatever role code object signing might play in that.
Frank
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
