[cabfpub] 答复: 360 Browser & Cert Validation
gerv at mozilla.org
Thu Apr 9 04:09:35 MST 2015
On 09/04/15 10:30, 高寒蕊 wrote:
> Since last Oct, we have enabled the interception page to display
> warning messages for some sites which use invalid or expired
> certificates. But taking the China specific situation into
> consideration, this mechanism wasn't enabled for all sites. We have a
> list on cloud which controls for which sites the interception page
> should be displayed. And for those sites out of the list, we use the
> original means to warn the users, i.e., in both address-bar and the
> yellow infobar.
This explanation makes it sound like you have a list of sites which get
the secure behaviour (i.e. interception page, no cookies sent) and every
other site gets the insecure behaviour...
> The list on cloud could be updated and come into force immediately
> when 360 sercurity team find any suspectables. So it can provide
> bothe the safety control and an acceptable experience for local
So the only sites where you use the secure behaviour are those known to
the 360 team to be malicious?
More information about the Public