搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

HTTPS, Support.mozilla.org versus Firefox realeses

  • 2 个回答
  • 1 人有此问题
  • 1 次查看
  • 最后回复者为 Mace2

more options

Why does Mozilla support HTTPS with E.V (Green https) for the forum but does not support Https E.V. for download of Firefox versions from "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/"

Since downloading the correct authenticated version of Firefox is important to prevent counterfeit Firefox browsers. Why is the download site "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" not HTTPS E.V ?

Why does Mozilla support HTTPS with E.V (Green https) for the forum but does not support Https E.V. for download of Firefox versions from "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" Since downloading the correct authenticated version of Firefox is important to prevent counterfeit Firefox browsers. Why is the download site "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" not HTTPS E.V ?

所有回复 (2)

more options

Hello!

The EV certificate has as minimal to no purpose when it comes to downloading Firefox. No user authentication or logging info is being sent out so there is less security risks. Secondly, even if there was an EV certificate for the Firefox download it would not play any role in protecting the user for a "counterfeit" Firefox. In cases for this website will post the md5 hash or sha-512 hash of the file so when the user downloads the file they are able to see if the hash matches. In any case, the chances of someone uploading a "counterfeit" Firefox on to the FTP server is slim to none.

more options

I strongly disagree Microbot. Mozilla is paying for the privilege to provide the service of a high Https EV just like banks. Since they Mozilla is already using it they should place the "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" under that additional protection.