5 Jul 2012 22:19
Re: New MITM cert incident - Cyberoam
John Nagle <nagle <at> sitetruth.com>
2012-07-05 20:19:58 GMT
2012-07-05 20:19:58 GMT
On 7/4/2012 7:07 PM, Daniel Veditz wrote:
> If we implement cert pinning we'll either have to allow that kind of
> business to disable it, or write off our users who work for
> companies with that kind of control freakery. It's more common than
> you'd think, some of our own Mozilla community members work for
> companies with that kind of policy.
Any bypass mechanism should result in a user-visible display.
Perhaps a notification like "Your access to this page is being
observed by ...."
John Nagle
RSS Feed