Date: Fri, 1 May 2015 23:41:22 +0000 From: mancha <mancha1@...o.com> To: oss-security@...ts.openwall.com Subject: Re: On sanctioned MITMs On Sat, May 02, 2015 at 01:58:15AM +0300, Solar Designer wrote: > Hi, > > I feel that this is borderline off-topic for oss-security because of > no specific relevance to Open Source, unless the discussion is somehow > refocused on aspects that are directly Open Source relevant - e.g., > "should we block these CDNs (and how) in Open Source software's > SSL/TLS certificate validity checks because of those specific risks" - > that's just an example of what would bring the discussion on-topic for > this list, not an actual suggestion (I think such blocking would be > bad). Hi. Yes, that might not have been clear because I didn't say so explicitly. But, implicit in my post was a question of how infosec and its intersection with OSS (i.e. security policies in FF/Chromium/etc.) should consider this situation and its implications. --mancha Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.