On Tuesday, 2 May 2017 14:52:52 UTC+1, Gervase Markham wrote:
> Group participants may be interested in David Keeler's analysis of why
> Firefox seemed to be seeing cert pinning mismatches for Mozilla properties:
> https://people-mozilla.org/~dkeeler/deployment-checker-analysis.html
Indeed, that was interesting. In respect of "stale DNS" I will suggest an
alternate explanation that seems plausible for the relatively small volumes
involved - /etc/hosts and its moral equivalents on other systems are often
changed in order to troubleshoot something and then simply never put back how
they were originally. So a correct (at the time) address might be copied into a
hosts file while trying to fix some issue such as DNS or connectivity problems,
and then simply never removed (after all it still works ... for now)
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
