On Mon, Nov 24, 2008 at 6:47 PM, Gregory Maxwell gmaxwell@gmail.com wrote:
You get no warning *at all* on non-origin network access for applets signed by an approved key. For example: http://www.jcraft.com/jorbis/player/JOrbisPlayer.php?play=http%3A%2F%2Fuploa...
When I visit that URL (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111317 Ubuntu/8.04 (hardy) Firefox/3.0.4), I get a pop-up: "The application's digital signature has been verified. Do you want to run the application?"