Hi all,

On Wed, Dec 05, 2007 at 02:55:39PM +0200, Eddy Nigg (StartCom Ltd.) wrote:
> To make the story even shorter, in order to perform this MITM they use a
> wild card asterisk like CN=* ? Personally I'm completely against any

I know of at least one enterprise setup where it has been implemented
exactly like that. I am still waiting on the name of the product they
are using, though.

> kind of MITM and rather would block https/port 443 altogether as a
> better policy....but I guess this any discussion about this subject is
> beyond the scope of this discussion.

True :-)

> I'm not sure, but would be a configuration hack (about:config) or
> similar possible to allow the old behavior, whereas the one proposed
> from Nelson would be the default? But I'm sure it's hard to please

Sounds feasible to me. In the enterprise setting, it is typically
possible to configure the client (Mozilla in that case) on the user's
desktop - and for the typical home user, I agree that the new way is
definitely a better default.

Best regards,
Alex
-- 
Dipl.-Math. Alexander Klink | IT-Security Engineer | [EMAIL PROTECTED]
mobile: +49 (0)178 2121703 | Cynops GmbH | http://www.cynops.de
HRB 7833, Amtsgericht Bad Homburg v. d. Höhe | VAT ID: DE 213094986 | Managing Director: Martin Bartosch