Gijs Kruitbosch writes:
>(Some) People who "do" Firefox UI read this group. If you have concrete/
>constructive suggestions, please file bugs or write to more topical mailing
>lists - especially if you think there are things we should do "frontend"-
>wise to improve
(With apologies for the off-topic drift)
On 27/09/2016 12:49, Peter Gutmann wrote:
Jakob Bohm writes:
This tells me that Firefox OCSP defaults are *insecure* and reaffirms my
impression that Firefox has completely dropped the ball on CRL handling
(Since the security-on
Jakob Bohm writes:
>This tells me that Firefox OCSP defaults are *insecure* and reaffirms my
>impression that Firefox has completely dropped the ball on CRL handling
>(Since the security-on setting is for OCSP only).
No, it tells me that the Firefox developers applied
On 27/09/2016 09:31, Kurt Roeckx wrote:
On 2016-09-27 01:18, Jakob Bohm wrote:
It would perhaps be useful if you could dispute, using Firefox as an
example, and considering the real deployment (not the theoretical
abstract of ways in which someone 'might' configure about:flags, but
no one can
On 2016-09-27 01:18, Jakob Bohm wrote:
It would perhaps be useful if you could dispute, using Firefox as an
example, and considering the real deployment (not the theoretical
abstract of ways in which someone 'might' configure about:flags, but
no one can and still have the same experience), the
On 23/09/2016 18:46, Ryan Sleevi wrote:
On Friday, September 23, 2016 at 9:15:48 AM UTC-7, Jakob Bohm wrote:
they are nowhere as bad as proponents of
extreme centralization schemes claim.
Citation needed. It would seem that you're not familiar with the somewhat
well-accepted industry state
and what that might look like--beyond
the obvious impact it has to current cert holders.
Original Message
From: Ryan Sleevi
Sent: Friday, September 23, 2016 10:27 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Time to distrust
On Friday, September 23, 2016 at 6:03:01 AM UTC-7
On 23/09/16 17:15, Jakob Bohm wrote:
> Mechanisms such as OneCRL tend to be horribly incomplete. Just in the
> past few months there has been repeated mention on this list of revoked
> certificates that were not on OneCRL, only on the CA CRLs.
OneCRL is not intended to be a comprehensive list of
On Friday, September 23, 2016 at 9:15:48 AM UTC-7, Jakob Bohm wrote:
>they are nowhere as bad as proponents of
> extreme centralization schemes claim.
Citation needed. It would seem that you're not familiar with the somewhat
well-accepted industry state of the art.
It would perhaps be useful if
On 23/09/2016 17:27, Ryan Sleevi wrote:
On Friday, September 23, 2016 at 6:03:01 AM UTC-7, Peter Kurrasch wrote:
* Revocation: If a particular cert has been revoked for any reason, I should
be able to find that out so that I will know not to use it. Ideally this is
handled automatically in
On 22/09/16 03:00, Peter Kurrasch wrote:
> Well, well. Here we are again, Ryan, with you launching into a bullying,
> personal attack on me instead of seeking to understand where I'm coming
> from and why I say the things I say.
Er, no. I am entirely comfortable with saying that if you found
Well, well. Here we are again, Ryan, with you launching into a bullying, personal attack on me instead of seeking to understand where I'm coming from and why I say the things I say. You may have noticed that I do
On Wednesday, September 21, 2016 at 12:05:49 PM UTC-7, Peter Kurrasch wrote:
> I have a hard time seeing how any sort of white list solution will actually
> mitigate any of the bad behavior exhibited by WoSign.
This doesn't help understand where your disconnect is, or how we might educate
and
I have a hard time seeing how any sort of white list solution will actually mitigate any of the bad behavior exhibited by WoSign. From my perspective, I think we can make a pretty clear case that WoSign is a