Does FF 32's MITM attack blocking cover the same things as HTTPS everytwhere or do they still do different things?
I'm trying to understand exactly what the MITM protections in FF32 cover. ie is Https everywhere redundant or are they still covering other things?
Vybrané riešenie
hello Garlic, in case you're referring to public key pinning which first stage landed in firefox 32, this won't make HTTPS everywhere redundant. HTTPS everywhere tries to upgrade an unencrypted connection to an encrypted one wherever possible, whereas key pinning should insure that an encrypted connection is only established when the identity of a site is supported by the right root certificate (for sites which support that).
http://monica-at-mozilla.blogspot.co.at/2014/08/firefox-32-supports-public-key-pinning.html
Čítať túto odpoveď v kontexte 👍 0Všetky odpovede (1)
Vybrané riešenie
hello Garlic, in case you're referring to public key pinning which first stage landed in firefox 32, this won't make HTTPS everywhere redundant. HTTPS everywhere tries to upgrade an unencrypted connection to an encrypted one wherever possible, whereas key pinning should insure that an encrypted connection is only established when the identity of a site is supported by the right root certificate (for sites which support that).
http://monica-at-mozilla.blogspot.co.at/2014/08/firefox-32-supports-public-key-pinning.html