Firefox to force secure connections for selected domains

Discussion in 'other security issues & news' started by ronjor, Nov 2, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,848
    Location:
    Texas
    https://www.infoworld.com/d/security/firefox-force-secure-connections-selected-domains-206292
     
    ronjor, Nov 2, 2012
    #1
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    To make them handy to anyone interested...

    Mozilla blog entry on this
    https://blog.mozilla.org/security/2012/11/01/preloading-hsts/

    Implement support for preloaded strict-transport-security (HSTS) sites
    https://bugzilla.mozilla.org/show_bug.cgi?id=760307

    Provide mechanism for sites to register as HSTS-always
    https://bugzilla.mozilla.org/show_bug.cgi?id=643922

    I haven't read all that carefully yet, but as long as the browser admin can disable this and HSTS across the board or on a site by site basis, and easily MITM SSL connections even for HSTS sites, it seems like an OK feature. It does appear that some certificate issues are being worked out:

    https://bugzilla.mozilla.org/show_bug.cgi?id=800882

     
    TheWindBringeth, Nov 2, 2012
    #2
  3. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Pinga, Nov 2, 2012
    #3
  4. encus

    encus Registered Member

    Joined:
    Nov 2, 2009
    Posts:
    535
    encus, Nov 14, 2012
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...