On 09/23/2011 11:00 AM, NoOp wrote:
> On 09/23/2011 04:19 AM, Justin Wood (Callek) wrote:
>> On 9/23/2011 5:36 AM, Paul B. Gallagher wrote:
>> ...
>>> Full article (Mozilla stuff on p. 2):
>>> <http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/>
>>>
>>
>> ALSO
>> http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091611
>>
>> Lastly,
>> It is unclear at this point if the attack can be replicated in Firefox
>> [Gecko] 7, which has the newer WebSocket protocol. We're working to get
>> an answer from the bug reporters.
>>
>> For further discussion on this threat, I suggest m.d.platform rather
>> than the SeaMonkey list, since it's not just a SeaMonkey Issue...
>
> http://www.mozilla.org/about/forums/
>
> I'm curious why you recommend:
> mozilla.dev.platform
> For people working on Mozilla-the-platform.
>
> rather than:
>
> mozilla.dev.tech.crypto
> For discussions about cryptography, and cryptographic issues surrounding
> the Mozilla source code. See the PKI project for more info. (Moderated.)
>
> or
>
> mozilla.dev.security
> Security issues such as specific security problems or ideas for making
> the code as a whole more secure can be discussed here. Cryptography,
> however, is not within this group's charter. (Moderated.)
>
> Note: not disputing your recommendation; just trying to understand why
> when the others (security & crypto) seem closer to the issue.

And I reckon that the post from Nelson Bolyard on bug pretty much settles that question:

https://bugzilla.mozilla.org/show_bug.cgi?id=480514
[Implement TLS 1.2 (RFC 5246)]

<quote>
Nelson Bolyard (seldom reads bugmail) 2011-09-23 13:28:47 PDT

Read comment 32 before posting any new comment.
Bugzilla bugs are not a discussion forum.
This is NOT the place for everyone to pile on with "I think this is important, too" comments. The place for those comments is the mozilla.dev.tech.crypto newsgroup.
</quote>

Also referenced:
https://bugzilla.mozilla.org/show_bug.cgi?id=565047
[(RFC4346) Implement TLS 1.1 (RFC 4346)]

Followup set to: mozilla.support.seamonkey as this is where this thread originated. However I suppose any additional technical posts regarding SeaMonkey (meaning other than general media notice/info), per Nelson's comments should actually be in mozilla.dev.tech.crypto.

