Date: Fri, 1 May 2015 23:41:22 +0000 From: mancha <mancha1@...o.com> To: oss-security@...ts.openwall.com Subject: Re: On sanctioned MITMs On Sat, May 02, 2015 at 01:58:15AM +0300, Solar Designer wrote: > Hi, > > I feel that this is borderline off-topic for oss-security because of > no specific relevance to Open Source, unless the discussion is somehow > refocused on aspects that are directly Open Source relevant - e.g., > "should we block these CDNs (and how) in Open Source software's > SSL/TLS certificate validity checks because of those specific risks" - > that's just an example of what would bring the discussion on-topic for > this list, not an actual suggestion (I think such blocking would be > bad). Hi. Yes, that might not have been clear because I didn't say so explicitly. But, implicit in my post was a question of how infosec and its intersection with OSS (i.e. security policies in FF/Chromium/etc.) should consider this situation and its implications. --mancha Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ