1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security experts welcome Firefox encryption move

Discussion in 'CSO' started by RSS, Apr 7, 2015.

  1. RSS

    RSS New Member Member

    Security experts welcomed Mozilla's move to add "opportunistic encryption" to its Firefox Web browser, providing unauthenticated encryption over TLS for data that otherwise would have been in the clear.

    According to Patrick McManus, a network developer for Mozilla, this helps protect against passive eavesdropping, and also provides some integrity protection for data.

    It does not protect against active man-in-the-middle attacks, however, so he encouraged the use of full encryption via https for everyone who was able to do so.

    "But if you have long tail of legacy content that you cannot yet get migrated to HTTPS, commonly due to mixed-content rules and interactions with third parties, opportunistic encryption ... is a strict improvement over the cleartext alternative," he wrote in a blog post describing the new feature.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page