David E. Ross wrote: > On 7/9/2007 1:07 PM, Gervase Markham wrote: >> Michael Vincent van Rantwijk, MultiZilla wrote: >>> Hm, and where is this 15% coming from? Just another assumption? >> It's a conservative estimate of the market share of Firefox. >> >> Gerv > > That implies the assumption that ALL Firefox users would then be using > this feature.
No - the assumption is that Firefox users will be evenly represented in the set of people doing the download. Yes, this is an assumption, and I admit to it. However, Firefox users don't "use" the feature - that's the entire _point_. The checking is done without any input from them. So everyone who downloads an LF URL with Firefox will be using the feature. > As I previously indicated, this feature should be optional so that users > could still download when there is a hash mismatch. If there is no such > option, then you will be enforcing security to a greater degree than is > done with SSL and X.509 certificates, which allow a user to continue > even with a certificate mismatch. Not soon. Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
