HTTPS, Support.mozilla.org versus Firefox realeses
Why does Mozilla support HTTPS with E.V (Green https) for the forum but does not support Https E.V. for download of Firefox versions from "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/"
Since downloading the correct authenticated version of Firefox is important to prevent counterfeit Firefox browsers. Why is the download site "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" not HTTPS E.V ?
Tutte le risposte (2)
Hello!
The EV certificate has as minimal to no purpose when it comes to downloading Firefox. No user authentication or logging info is being sent out so there is less security risks. Secondly, even if there was an EV certificate for the Firefox download it would not play any role in protecting the user for a "counterfeit" Firefox. In cases for this website will post the md5 hash or sha-512 hash of the file so when the user downloads the file they are able to see if the hash matches. In any case, the chances of someone uploading a "counterfeit" Firefox on to the FTP server is slim to none.
I strongly disagree Microbot. Mozilla is paying for the privilege to provide the service of a high Https EV just like banks. Since they Mozilla is already using it they should place the "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" under that additional protection.