Hi Jeffrey,

On 02/12/2012 11:54 AM, Jeffrey Walton wrote:
> For what it's worth, pinning the certificate can usually remediate
> these sorts of MitM attacks, but Mozilla subverted it:
> http://ssl.entrust.net/blog/?p=615.

Please take a look at our security roadmap (https://wiki.mozilla.org/Security/Roadmap). You will see that CA pinning is a P1 feature, which means it is actively being worked on.

In fact, our update service already does some sort of pinning (for securely retrieving updates); it's just that failures are not reported right now. It's possible that this sort of pinning could be extended to other services and also alert the user (and/or us, if that is possible somehow).

Cheers,
Chris
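As an added example for the pinning discussed above (this is not Mozilla's update-service code and not code from anyone in this thread), the following stand-alone Python shows what a public-key pin check with failure reporting looks like: it walks the DER of a leaf certificate to the SubjectPublicKeyInfo, computes an HPKP-style pin (base64 of SHA-256 over the SPKI DER; the pin format is my assumption, not something the message specifies), compares it against a pinned set, and returns a structured report on mismatch rather than failing silently. `build_sample_cert` is a constructed stand-in that only reproduces the TBSCertificate field layout; it is not a valid signed certificate, and in practice the input would be the bytes returned by `ssl.SSLSocket.getpeercert(binary_form=True)`. Only the standard library is used.

```python
"""SPKI pin check with failure reporting (added example, not Mozilla's code)."""
import base64
import hashlib

SEQUENCE, INTEGER, OID, NULL, BIT_STRING, CTX0 = 0x30, 0x02, 0x06, 0x05, 0x03, 0xA0


def _der(tag, body):
    """Encode one DER TLV (definite length, single-byte tag)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _tlv(buf, pos):
    """Decode one TLV starting at pos; return (tag, body, end_of_tlv)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if tag & 0x1F == 0x1F or pos + length > len(buf):
        raise ValueError("unsupported or truncated DER")
    return tag, buf[pos:pos + length], pos + length


def extract_spki(cert_der):
    """Return the DER bytes of the SubjectPublicKeyInfo TLV of a certificate.

    TBSCertificate is: [0] version (optional), serialNumber, signature,
    issuer, validity, subject, subjectPublicKeyInfo, ... (RFC 5280).
    """
    tag, cert, _ = _tlv(cert_der, 0)
    if tag != SEQUENCE:
        raise ValueError("not a Certificate SEQUENCE")
    tag, tbs, _ = _tlv(cert, 0)
    if tag != SEQUENCE:
        raise ValueError("not a TBSCertificate SEQUENCE")
    tag, _, pos = _tlv(tbs, 0)
    if tag == CTX0:                         # explicit version present (v2/v3)
        tag, _, pos = _tlv(tbs, pos)        # serialNumber follows it
    if tag != INTEGER:
        raise ValueError("serialNumber missing")
    for _ in range(4):                      # signature, issuer, validity, subject
        _, _, pos = _tlv(tbs, pos)
    start = pos
    tag, _, end = _tlv(tbs, pos)
    if tag != SEQUENCE:
        raise ValueError("subjectPublicKeyInfo missing")
    return tbs[start:end]


def spki_pin(cert_der):
    """HPKP-style pin: base64(SHA-256(DER SubjectPublicKeyInfo)). Pinning the
    key rather than the whole certificate survives routine re-issuance."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def check_pins(cert_der, pinned, host="example.invalid"):
    """Compare the leaf's SPKI pin against the pin set (include a backup pin
    for the key you will roll to). Returns (ok, report); the report is what a
    client would log or send to a reporting endpoint instead of failing silently."""
    observed = spki_pin(cert_der)
    if observed in pinned:
        return True, None
    return False, {"host": host, "observed": observed, "expected": sorted(pinned)}


def build_sample_cert(pubkey_bits, v3=True):
    """Constructed stand-in with the right TBSCertificate layout. It is NOT a
    valid signed certificate; real input comes from getpeercert(binary_form=True)."""
    rsa_alg = _der(SEQUENCE, _der(OID, bytes.fromhex("2a864886f70d010101")) + _der(NULL, b""))
    spki = _der(SEQUENCE, rsa_alg + _der(BIT_STRING, b"\x00" + pubkey_bits))
    name = _der(SEQUENCE, b"")              # empty Name is enough for the walk
    validity = _der(SEQUENCE, b"")
    tbs = _der(CTX0, _der(INTEGER, b"\x02")) if v3 else b""
    tbs += _der(INTEGER, b"\x01") + rsa_alg + name + validity + name + spki
    cert = _der(SEQUENCE, _der(SEQUENCE, tbs) + rsa_alg + _der(BIT_STRING, b"\x00\xde\xad"))
    return cert, spki


if __name__ == "__main__":
    cert, _ = build_sample_cert(b"\x30\x06\x02\x01\x03\x02\x01\x03")
    good = spki_pin(cert)
    print("pin:", good)
    print(check_pins(cert, {good}))
    print(check_pins(cert, {"A" * 43 + "="}))
```

The check only covers the leaf key; a deployment also decides whether pins may match any certificate in the validated chain, what to do on mismatch for the first connection, and where the report goes, which is exactly the "alert the user and/or us" question raised above.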
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/