On Mon, Nov 24, 2008 at 6:47 PM, Gregory Maxwell <gmaxwell(a)gmail.com> wrote:
You get no warning *at all* on non-origin network
access for applets
signed by an approved key. For example:
http://www.jcraft.com/jorbis/player/JOrbisPlayer.php?play=http%3A%2F%2Fuplo…
When I visit that URL (Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.9.0.4) Gecko/2008111317 Ubuntu/8.04 (hardy) Firefox/3.0.4), I get
a pop-up: "The application's digital signature has been verified. Do
you want to run the application?"