My Favourites
opensubscriber
   Find in this group all groups
Home     Log In     Sign Up     FAQ    
 
Unknown more information…
d : dev-security@lists.mozilla.org 7 September 2011 • 2:07AM -0400

Re: OCSP Tracking
by Devdatta Akhawe

REPLY TO AUTHOR
 
REPLY TO GROUP



>
> Well, the list of IPs has been passed to Google, who are now able to
> warn people accessing Google from those IPs that there is a problem. So
> there are both good and bad sides to it.
>

Sure. But I think users would be very surprised to find that every
time they visit a SSL site, some server somewhere is noting down what
site they visited, and when.

-devdatta


>> Does  Mozilla have a policy on such
>> behavior (maybe this question should be on dev.security.policy) ? I
>> feel like CAs should be explicitly told (by Mozilla) to not log OCSP
>> requests.
>
> No policy at the moment.
>
> Gerv
> _______________________________________________
> dev-security mailing list
> dev-security@list...
> https://lists.mozilla.org/listinfo/dev-security
>
_______________________________________________
dev-security mailing list
dev-security@list...
https://lists.mozilla.org/listinfo/dev-security
Bookmark with:

Delicious   Digg   reddit   Facebook   StumbleUpon

Related Messages

opensubscriber is not affiliated with the authors of this message nor responsible for its content.
© opensubscriber 2010
All rights reserved.

Alternate link - Alternate link