Re: Proposal: Switch generic icon to negative feedback for non-https sites
On 8/10/2014 8:16 PM, David E. Ross wrote:

On 8/10/2014 4:09 PM, Matt Palmer wrote:

On Sat, Aug 09, 2014 at 04:53:46PM -0700, David E. Ross wrote:

Anyone wishing to argue this issue further -- to argue in favor of implementing a scheme to encourage all Web sites to be HTTPS with site certificates -- should first read http://www.2rosenthals.net/wordpress/googles-https-everywhere-initiative-not-so-fast-994/. The blogger is a certificate reseller and also a computer systems integrator. Thus, he is a professional in the area of computer systems, including security.

How do you get from "resells certificates and bolts parts together" to "he is a professional in [...] security"? I won't deny that he is in the computer systems profession (in the very precise definition of "for a livelihood"), but beyond that, you're drawing an *exceptionally* long bow.

- Matt

I was a computer systems integrator for over 30 years. I fully understand what "integrator" means. In my career, software integration often included dealing with secure systems and how they were made secure.

Let me put "dealing" in context. I wrote the specifications for the software including the components that handled the security of databases, displays, and printouts. I tested the software in an end-user environment, after which I sometimes rejected it and sent it back to the developer. I prepared the user documentation for the software. And I taught classes to U.S. Air Force officers on how to use the software. All this was for software systems used to operate earth-orbiting, classified, military space satellites.

I understand secure software systems, and Rosenthal's blog makes sense to me. Rosenthal is also a reseller of X.509 subscriber certificates, which should mean he understands Internet security. Otherwise, how is he allowed to sell such certificates? Add those two concepts together.

I will not further defend Rosenthal. I think he is competent to defend himself.

--
David E. Ross
The Crimea is Putin's Sudetenland.
The Ukraine will be Putin's Czechoslovakia.
See http://www.rossde.com/editorials/edtl_PutinUkraine.html.

___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: Proposal: Switch generic icon to negative feedback for non-https sites
On 11/08/14 04:16, David E. Ross wrote:

Rosenthal is also a reseller of X.509 subscriber certificates, which should mean he understands Internet security. Otherwise, how is he allowed to sell such certificates?

I don't often say this, because it's not often true, but... LOL.

Gerv

Re: Proposal: Switch generic icon to negative feedback for non-https sites
Can we please declare this thread closed? The level of debate has gotten a little low.

--Richard

On Aug 9, 2014, at 7:53 PM, David E. Ross <nobody@nowhere.invalid> wrote:

On 7/19/2014 11:54 AM, Daniel Roesler wrote:

Howdy all,

Yesterday, I created a bug proposing that Firefox switch the generic url icon to a negative feedback icon for non-https sites.

https://bugzilla.mozilla.org/show_bug.cgi?id=1041087

I created this bug because it's time we start treating insecure connections as a Bug. There is so much open wifi available to the modern internet user that a significant portion of Firefox users' requests can be sniffed. If that request is insecure, it makes session hijacking, MITM, and metadata attacks trivially easy.

Not using https should now be bad practice and considered harmful. Mozilla should be a leader and push websites to start securing their connections. Many of the largest websites already default to https, and it's time to start bringing the rest on board. Having negative feedback for insecure connections offers a huge incentive to fixing the larger Bug of insecure connections.

Thanks and looking forward to any discussion,
Daniel Roesler
diaf...@gmail.com

Anyone wishing to argue this issue further -- to argue in favor of implementing a scheme to encourage all Web sites to be HTTPS with site certificates -- should first read http://www.2rosenthals.net/wordpress/googles-https-everywhere-initiative-not-so-fast-994/. The blogger is a certificate reseller and also a computer systems integrator. Thus, he is a professional in the area of computer systems, including security. Although he has a vested interest in selling site certificates, he argues against the idea that all Web sites should be HTTPS.

--
David E. Ross
The Crimea is Putin's Sudetenland.
The Ukraine will be Putin's Czechoslovakia.
See http://www.rossde.com/editorials/edtl_PutinUkraine.html.

Re: Proposal: Switch generic icon to negative feedback for non-https sites
Yes, I started this thread. I officially declare this thread closed...even though I have no ability to enforce it.