[cabfpub] 答复: 答复: 360 Browser & Cert Validation
gaohanrui at 360.cn
Thu Apr 9 23:35:24 MST 2015
发件人: Gervase Markham [mailto:gerv at mozilla.org]
发送时间: 2015年4月9日 19:10
收件人: 高寒蕊; Erwann Abalea; public at cabforum.org
主题: Re: [cabfpub] 答复: 360 Browser & Cert Validation
On 09/04/15 10:30, 高寒蕊 wrote:
> Since last Oct, we have enabled the interception page to display
> warning messages for some sites which use invalid or expired
> certificates. But taking the China specific situation into
> consideration, this mechanism wasn't enabled for all sites. We have a
> list on cloud which controls for which sites the interception page
> should be displayed. And for those sites out of the list, we use the
> original means to warn the users, i.e., in both address-bar and the
> yellow infobar.
This explanation makes it sound like you have a list of sites which get the secure behaviour (i.e. interception page, no cookies sent) and every other site gets the insecure behaviour...
> The list on cloud could be updated and come into force immediately
> when 360 sercurity team find any suspectables. So it can provide bothe
> the safety control and an acceptable experience for local users.
So the only sites where you use the secure behaviour are those known to the 360 team to be malicious?
- Yes. And so far, 360 secure team is the most reliable one and has the largest libs in China.
More information about the Public