@mik235 @pzb @sleevi_ I read it the same way as Peter. Regardless, I removed support for *http://x.example.com and x*.example.com from Fx.
-
-
Replying to @BRIAN_____
@BRIAN_____@mik235@pzb Right, as we did in Chrome. So *shrug*1 reply 0 retweets 0 likes -
Replying to @sleevi_
@sleevi_@BRIAN_____@pzb so the CAs may choose to sign them, but the customer will have a useless certificate2 replies 0 retweets 0 likes -
Replying to @mik235
@mik235@BRIAN_____@pzb Useless for browsers, but that doesn't mean there aren't attack scenarios that they might leverage.1 reply 0 retweets 0 likes -
Replying to @sleevi_
@sleevi_@BRIAN_____@pzb HA! Browsers are the only program I've ever seen that even verifies the trust chain, let alone hostname stuff...1 reply 0 retweets 0 likes -
Replying to @mik235
@mik235@BRIAN_____@pzb Go does. AIUI Ruby does now, thanks to@bascule (AIUI). Python does, due to@ChristianHeimes. The world gets better2 replies 0 retweets 0 likes -
Replying to @sleevi_
@sleevi_@mik235@BRIAN_____@pzb@ChristianHeimes Ruby hostname verification fixes shipping soon. CVE-2015-1855: https://github.com/ruby/openssl/pull/12/files …2 replies 1 retweet 0 likes -
Replying to @ChristianHeimes
@ChristianHeimes@mik235@sleevi_@BRIAN_____@pzb yeah, the IDNA, and also *.*.* lol ;_;1 reply 0 retweets 1 like
@ChristianHeimes @mik235 @sleevi_ @BRIAN_____ @pzb yeah, I suppose the other cool thing about my patch is it does away with all regexps
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.