Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
mozilla.support.firefox
Message from discussion HSTS Preload list and user settings for certs?

View parsed - Show only message text

Received: by 10.68.138.14 with SMTP id qm14mr3258556pbb.5.1352391387921;
        Thu, 08 Nov 2012 08:16:27 -0800 (PST)
Path: s9ni87692pbb.0!nntp.google.com!Xl.tags.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local2.nntp.dca.giganews.com!nntp.mozilla.org!news.mozilla.org.POSTED!not-for-mail
NNTP-Posting-Date: Thu, 08 Nov 2012 10:16:27 -0600
Date: Thu, 08 Nov 2012 11:16:27 -0500
From: WaltS <wls15...@REMOVEyahoo.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
Newsgroups: mozilla.support.firefox
Subject: Re: HSTS Preload list and user settings for certs?
References: <U5mdnelbxo-GsArNnZ2dnUVZ_rednZ2d@mozilla.org> <15KdnVQhldPHJwbNnZ2dnUVZ_q6dnZ2d@mozilla.org> <K7WdnYLOEMvMSwbNnZ2dnUVZ_qydnZ2d@mozilla.org>
In-Reply-To: <K7WdnYLOEMvMSwbNnZ2dnUVZ_qydnZ2d@mozilla.org>
Message-ID: <squdnaNDJ_hGRwbNnZ2dnUVZ_tOdnZ2d@mozilla.org>
Lines: 36
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 68.162.131.81
X-AuthenticatedUsername: NoAuthUser
X-Trace: sv3-1qXITzDJp143mF6XbijhcbA8gW/FA+i/ye6GLd7FLmPafuhdK1ey2lWiuSLCM+4ElFnyQQXkNHZhwJ4!zeUVfQYzetuZE/PkSxgurLxPjtDx9Wxgwsp0fl8ikaNqW7bGWG21xDfSr7UbJ3PuFyjcAZ0YpbGU!Q5PsYm/3wPur
X-Complaints-To: abuse@mozilla.org
X-DMCA-Complaints-To: ab...@mozilla.org
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
Bytes: 2637
X-Original-Bytes: 2576
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 11/08/2012 10:57 AM, Morgana wrote:
> On 08-Nov-2012 08:57, WaltS wrote:
>> On 11/04/2012 10:06 PM, Desiree wrote:
>>> How does forcing HSTS on sites on the Preload list affect, if at all, the
>>> user's cert permissions setup for Fx?  Will this interfere with my
>>> expectations that Fx will ask me each time it tries to go to an SSL site
>>> that uses Comodo/Comodo related or Go Daddy certs which I have as
>>> Untrusted
>>> in all my browsers? Or will Fx (if the site is on the Preload list)
>>> override
>>> my settings and just go there without first asking me what to do? If this
>>> occurs, how will I be able to turn off this feature so it doesn't
>>> interfere
>>> with my setup for what cert authorities I trust/do not trust?  What
>>> version
>>> of Fx will this be implemented in? I currently use Fx 4 and 10 ESR
>>> which do
>>> not have this.
>>>
>>>
>>
>> What did I miss?
>>
>> What is a HSTS Preload list?
>>
>
> https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_Strict_Transport_Security
>

Ah! Thank you. :)

-- 
Fedora 17 (64-bit) KDE 4.9.2
Thunderbird Beta (17.0) Install and test it
One state should not decide an election
http://www.nationalpopularvote.com/

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google