Avatar for Username

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Does FF 32's MITM attack blocking cover the same things as HTTPS everytwhere or do they still do different things?

  • 1 (رد واحد)
  • 1 has this problem
  • 4 views
  • آخر ردّ كتبه philipp

Garlic
Garlic
more options

I'm trying to understand exactly what the MITM protections in FF32 cover. ie is Https everywhere redundant or are they still covering other things?

I'm trying to understand exactly what the MITM protections in FF32 cover. ie is Https everywhere redundant or are they still covering other things?

الحل المُختار

hello Garlic, in case you're referring to public key pinning which first stage landed in firefox 32, this won't make HTTPS everywhere redundant. HTTPS everywhere tries to upgrade an unencrypted connection to an encrypted one wherever possible, whereas key pinning should insure that an encrypted connection is only established when the identity of a site is supported by the right root certificate (for sites which support that).

http://monica-at-mozilla.blogspot.co.at/2014/08/firefox-32-supports-public-key-pinning.html

Read this answer in context 👍 0

All Replies (1)

philipp
philipp
  • Moderator
more options

الحل المُختار

hello Garlic, in case you're referring to public key pinning which first stage landed in firefox 32, this won't make HTTPS everywhere redundant. HTTPS everywhere tries to upgrade an unencrypted connection to an encrypted one wherever possible, whereas key pinning should insure that an encrypted connection is only established when the identity of a site is supported by the right root certificate (for sites which support that).

http://monica-at-mozilla.blogspot.co.at/2014/08/firefox-32-supports-public-key-pinning.html