info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Estonia e-residency instructing users not to update Firefox (on Mac)
265 views
Skip to first unread message
Henri Sivonen
Nov 2, 2017, 6:40:33 AM11/2/17
to dev-secur...@lists.mozilla.org
(Not sure if this is the right mailing list, but while I'm not sure
how exactly the PKI operations of the government of Estonia are
structured organizationally, on surface it looks like this is related
to client cert activities of a CA that is Mozilla-trusted for server
certs.)
A Medium post claiming[1] to represent Estonia e-residency
https://medium.com/e-residency-blog/estonia-is-enhancing-the-security-of-its-digital-identities-361b9a3c9c52
instructs Mac users not to update Firefox from December 15 2017 onwards.
The post claims that there is a Firefox release scheduled for December
15 2017, but I don't see one at
https://wiki.mozilla.org/RapidRelease/Calendar . (There is one
scheduled whose month and day are both off by one compared to the date
stated: November 14.)
Regardless of the date, instructing users not to update their browser
is not good in terms of security.
The post doesn't explain in technical detail the reason for the
recommendation not to update. Why is not updating being recommended?
[1] I don't understand why this wasn't published on a domain belonging
to the government of Estonia. I don't know how to validate that a
Medium blog belongs to who it claims to belong to. However, I hear
that a link to this post was distributed to e-residents in a manner
that suggests that this blog actually belongs to whom it claims to
belong.
--
Henri Sivonen
hsiv...@hsivonen.fi
https://hsivonen.fi/
how exactly the PKI operations of the government of Estonia are
structured organizationally, on surface it looks like this is related
to client cert activities of a CA that is Mozilla-trusted for server
certs.)
A Medium post claiming[1] to represent Estonia e-residency
https://medium.com/e-residency-blog/estonia-is-enhancing-the-security-of-its-digital-identities-361b9a3c9c52
instructs Mac users not to update Firefox from December 15 2017 onwards.
The post claims that there is a Firefox release scheduled for December
15 2017, but I don't see one at
https://wiki.mozilla.org/RapidRelease/Calendar . (There is one
scheduled whose month and day are both off by one compared to the date
stated: November 14.)
Regardless of the date, instructing users not to update their browser
is not good in terms of security.
The post doesn't explain in technical detail the reason for the
recommendation not to update. Why is not updating being recommended?
[1] I don't understand why this wasn't published on a domain belonging
to the government of Estonia. I don't know how to validate that a
Medium blog belongs to who it claims to belong to. However, I hear
that a link to this post was distributed to e-residents in a manner
that suggests that this blog actually belongs to whom it claims to
belong.
--
Henri Sivonen
hsiv...@hsivonen.fi
https://hsivonen.fi/
Gervase Markham
Nov 2, 2017, 10:51:50 AM11/2/17
to mozilla-dev-s...@lists.mozilla.org
On 02/11/17 10:39, Henri Sivonen wrote:
> A Medium post claiming[1] to represent Estonia e-residency
> https://medium.com/e-residency-blog/estonia-is-enhancing-the-security-of-its-digital-identities-361b9a3c9c52
> instructs Mac users not to update Firefox from December 15 2017 onwards.
The policy team will be making contact with the Estonian government to
> A Medium post claiming[1] to represent Estonia e-residency
> https://medium.com/e-residency-blog/estonia-is-enhancing-the-security-of-its-digital-identities-361b9a3c9c52
> instructs Mac users not to update Firefox from December 15 2017 onwards.
attempt to work out what the logic is behind this requirement and try
and get the post updated as necessary.
Gerv
Gervase Markham
Nov 8, 2017, 2:00:13 AM11/8/17
to Henri Sivonen
On 02/11/17 11:39, Henri Sivonen wrote:
> A Medium post claiming[1] to represent Estonia e-residency
> https://medium.com/e-residency-blog/estonia-is-enhancing-the-security-of-its-digital-identities-361b9a3c9c52
> instructs Mac users not to update Firefox from December 15 2017 onwards.
Thank you for this report; the Estonian e-residency team has updated the
> A Medium post claiming[1] to represent Estonia e-residency
> https://medium.com/e-residency-blog/estonia-is-enhancing-the-security-of-its-digital-identities-361b9a3c9c52
> instructs Mac users not to update Firefox from December 15 2017 onwards.
blog post to remove the advice about not updating Firefox.
Gerv
0 new messages