Widespread Firefox issues
Keith Medcalf
kmedcalf at dessus.com
Sat May 4 03:14:53 UTC 2019
HTTPS: has nothing to do with the website being "secure". https: means that transport layer security (encryption) is in effect. https: is a PRIVACY measure, not a SECURITY measure.
---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
>-----Original Message-----
>From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Constantine
>A. Murenin
>Sent: Friday, 3 May, 2019 21:02
>To: Brielle Bruns
>Cc: NANOG list
>Subject: Re: Widespread Firefox issues
>
>On Fri, 3 May 2019 at 20:57, Brielle Bruns <bruns at 2mbit.com> wrote:
>
>
> Just an FYI since this is bound to impact users:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1548973
>
> Basically, Mozilla forgot to renew an intermediate cert, and
>people's
> Firefox browsers have mass-disabled addons.
>
> Whoops.
>
>
>
>This is why it's important that every single website on the internet
>is available ONLY over HTTPS. Don't forget to install an HSTS
>policy, too, so, if anyone ever visits Kazakhstan or a security-
>conscious corporate office, they'll be prevented from accessing the
>cute pictures of cats on your fully static website. Of course, don't
>forget to abandon HTTP, too, and simply issue 301 Moved Permanently
>redirects from all HTTP targets to HTTPS, to cover all the bases.
>
>Backwards compatibility? Don't you worry — no browser lets anyone
>remove HSTS, once installed, so, you're golden. And HTTPS links
>won't fallback to HTTP, either, so, you're good there, too — your
>cute cats are safe and secure, and once folks link to your new site
>under https://, your future self will be safe and secure from ever
>having the option to go insecure again. I mean, why would anyone go
>"insecure"? Especially now with LetsEncrypt?
>
>
>Oh, wait…
>
>
>Wait a moment, and who's the biggest player behind the HTTPS-only
>movement? Oh, and Mozilla's one of the biggest backers of
>LetsEncrypt, too? I see… Well, nothing to see here, move along!
>#TooBigToFail.
>
>
>C.
More information about the NANOG
mailing list