[cabfpub] 答复: 360 Browser & Cert Validation

Gervase Markham gerv at mozilla.org
Thu Apr 9 11:09:35 UTC 2015


On 09/04/15 10:30, 高寒蕊 wrote:
> Since last Oct, we have enabled the interception page to display
> warning messages for some sites which use invalid or expired
> certificates. But taking the China specific situation into
> consideration, this mechanism wasn't enabled for all sites. We have a
> list on cloud which controls for which sites the interception page
> should be displayed. And for those sites out of the list, we use the
> original means to warn the users, i.e., in both address-bar and the
> yellow infobar.

This explanation makes it sound like you have a list of sites which get
the secure behaviour (i.e. interception page, no cookies sent) and every
other site gets the insecure behaviour...

> The list on cloud could be updated and come into force immediately
> when 360 sercurity team find any suspectables. So it can provide
> bothe the safety control and an acceptable experience for local
> users.

So the only sites where you use the secure behaviour are those known to
the 360 team to be malicious?


More information about the Public mailing list