Does FF 32's MITM attack blocking cover the same things as HTTPS everytwhere or do they still do different things?
I'm trying to understand exactly what the MITM protections in FF32 cover. ie is Https everywhere redundant or are they still covering other things?
الحل المُختار
hello Garlic, in case you're referring to public key pinning which first stage landed in firefox 32, this won't make HTTPS everywhere redundant. HTTPS everywhere tries to upgrade an unencrypted connection to an encrypted one wherever possible, whereas key pinning should insure that an encrypted connection is only established when the identity of a site is supported by the right root certificate (for sites which support that).
http://monica-at-mozilla.blogspot.co.at/2014/08/firefox-32-supports-public-key-pinning.html
Read this answer in context 👍 0All Replies (1)
الحل المُختار
hello Garlic, in case you're referring to public key pinning which first stage landed in firefox 32, this won't make HTTPS everywhere redundant. HTTPS everywhere tries to upgrade an unencrypted connection to an encrypted one wherever possible, whereas key pinning should insure that an encrypted connection is only established when the identity of a site is supported by the right root certificate (for sites which support that).
http://monica-at-mozilla.blogspot.co.at/2014/08/firefox-32-supports-public-key-pinning.html