[cabfpub] 答复: 答复: 360 Browser & Cert Validation

[高寒蕊]

Answers inline: 

-----邮件原件-----
发件人: Gervase Markham [mailto:gerv at mozilla.org] 
发送时间: 2015年4月9日 19:10
收件人: 高寒蕊; Erwann Abalea; public at cabforum.org
抄送: 石晓虹
主题: Re: [cabfpub] 答复: 360 Browser & Cert Validation

Hi,

On 09/04/15 10:30, 高寒蕊 wrote:
> Since last Oct, we have enabled the interception page to display 
> warning messages for some sites which use invalid or expired 
> certificates. But taking the China specific situation into 
> consideration, this mechanism wasn't enabled for all sites. We have a 
> list on cloud which controls for which sites the interception page 
> should be displayed. And for those sites out of the list, we use the 
> original means to warn the users, i.e., in both address-bar and the 
> yellow infobar.

This explanation makes it sound like you have a list of sites which get the secure behaviour (i.e. interception page, no cookies sent) and every other site gets the insecure behaviour...

- Yes.

> The list on cloud could be updated and come into force immediately 
> when 360 sercurity team find any suspectables. So it can provide bothe 
> the safety control and an acceptable experience for local users.

So the only sites where you use the secure behaviour are those known to the 360 team to be malicious?

- Yes. And so far, 360 secure team is the most reliable one and has the largest libs in China.

Gerv