nanog mailing list archives

RE: Widespread Firefox issues

From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Fri, 03 May 2019 21:14:53 -0600


HTTPS: has nothing to do with the website being "secure".  https: means that transport layer security (encryption) is 
in effect.  https: is a PRIVACY measure, not a SECURITY measure.

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Constantine
A. Murenin
Sent: Friday, 3 May, 2019 21:02
To: Brielle Bruns
Cc: NANOG list
Subject: Re: Widespread Firefox issues

On Fri, 3 May 2019 at 20:57, Brielle Bruns <bruns () 2mbit com> wrote:

      Just an FYI since this is bound to impact users:

      https://bugzilla.mozilla.org/show_bug.cgi?id=1548973

      Basically, Mozilla forgot to renew an intermediate cert, and
people's
      Firefox browsers have mass-disabled addons.

      Whoops.

This is why it's important that every single website on the internet
is available ONLY over HTTPS.  Don't forget to install an HSTS
policy, too, so, if anyone ever visits Kazakhstan or a security-
conscious corporate office, they'll be prevented from accessing the
cute pictures of cats on your fully static website.  Of course, don't
forget to abandon HTTP, too, and simply issue 301 Moved Permanently
redirects from all HTTP targets to HTTPS, to cover all the bases.

Backwards compatibility?  Don't you worry — no browser lets anyone
remove HSTS, once installed, so, you're golden.  And HTTPS links
won't fallback to HTTP, either, so, you're good there, too — your
cute cats are safe and secure, and once folks link to your new site
under https://, your future self will be safe and secure from ever
having the option to go insecure again.  I mean, why would anyone go
"insecure"?  Especially now with LetsEncrypt?

Oh, wait…

Wait a moment, and who's the biggest player behind the HTTPS-only
movement?  Oh, and Mozilla's one of the biggest backers of
LetsEncrypt, too?  I see…  Well, nothing to see here, move along!
#TooBigToFail.

C.

Current thread:

Re: Widespread Firefox issues, (continued)
- - - Re: Widespread Firefox issues Töma Gavrichenkov (May 04)
    - Re: Widespread Firefox issues Karl Auer (May 04)
    - Re: Widespread Firefox issues Randy Bush (May 04)
    - Re: Widespread Firefox issues Valdis Klētnieks (May 04)
    - Re: Widespread Firefox issues Mark Foster (May 04)
    - Re: Widespread Firefox issues Lee (May 04)
    - Re: Widespread Firefox issues Hank Nussbacher (May 04)
    - Re: Widespread Firefox issues Patrick Schultz (May 06)
    - Re: Widespread Firefox issues William Herrin (May 04)
- Re: Widespread Firefox issues Constantine A. Murenin (May 03)
  - RE: Widespread Firefox issues Keith Medcalf (May 03)
    - Re: [EXT] RE: Widespread Firefox issues Charles Bronson (May 04)
    - Re: [EXT] RE: Widespread Firefox issues Valdis Klētnieks (May 04)