> As others (and I) have mentioned, MitM is also how many ordinary > antivirus programs protect users from attacks. The hard part is > how to distinguish between malicious and user-helping systems.
Sure, but the question is whether MiTM have reasonable security use cases for ordinary users. If you download a file through https, antivirus can scan it as a file. If somebody is concerned about malicious Flash banners on https webpage, he/she should install an adblock. Allowing MiTM is such a security breach, that I doubt it can be that easily justified. For ordinary users, that is. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
