(Not sure if this is the right mailing list, but while I'm not sure
how exactly the PKI operations of the government of Estonia are
structured organizationally, on surface it looks like this is related
to client cert activities of a CA that is Mozilla-trusted for server
certs.)
A Medium post claiming[1] to represent Estonia e-residency
https://medium.com/e-residency-blog/estonia-is-enhancing-the-security-of-its-digital-identities-361b9a3c9c52
instructs Mac users not to update Firefox from December 15 2017 onwards.
The post claims that there is a Firefox release scheduled for December
15 2017, but I don't see one at
https://wiki.mozilla.org/RapidRelease/Calendar . (There is one
scheduled whose month and day are both off by one compared to the date
stated: November 14.)
Regardless of the date, instructing users not to update their browser
is not good in terms of security.
The post doesn't explain in technical detail the reason for the
recommendation not to update. Why is not updating being recommended?
[1] I don't understand why this wasn't published on a domain belonging
to the government of Estonia. I don't know how to validate that a
Medium blog belongs to who it claims to belong to. However, I hear
that a link to this post was distributed to e-residents in a manner
that suggests that this blog actually belongs to whom it claims to
belong.
--
Henri Sivonen
hsiv...@hsivonen.fi
https://hsivonen.fi/