The maintainers should be reachable at:
pkg-mozilla-maintain...@lists.alioth.debian.org
Perhaps you should also ask them to package the DNSSEC validation
plugin for Firefox:
http://www.internetsociety.org/deploy360/resources/how-to-add-dnssec-support-to-mozilla-firefox/
I believe there will be no good security without DNSSEC/DANE, though
methods like certificate-pinning do already provide some sort of defence
against rogue certificates at least as long as they are issued by a
different certification authority:
http://webmasters.stackexchange.com/questions/35597/how-to-find-domain-registrar-and-dns-hosting-with-good-dnssec-support
Basically the certificate verification workflow as it currently is, is
seriously flawed:
* warnings on self-signed certificates while there is no warning on
non-authenticated http access.
* the DNSSEC plugin does not protect you from references inside a site
which are not secured by DNSSEC/DANE
(afaik only the bloodhound browser does.)
* if https or dnssec/dane is activated it should display a warning as
soon as a site does not provide
encryption and a proper certificate
(perhaps some issues to be reported upstream at bugzilla.mozilla.org)
... apart from the even more compelling issues like the poodle bug, of
course.
I would personally also welcome a professional and prompt fix/workaround
for the poodle bug though it may just be one of many. Having to do all
of it on your own is somewhat more error prone apart from the fact that
only few users will know about it.
On 16.10.14 at 22:17, Yves-Alexis Perez wrote:
On Thu, 2014-10-16 at 10:28 -0500, Marco Galicia wrote:
*shouldn't iceweasel be recompiled to include this option in the
compilation settings??*
You're not asking at the correct place, it's a bit unlikely the
maintainer reads that list.
But in any case, Mozilla themselves intend to disable SSLv3 in future
Firefox releases.
Regards,