Ben Bucksch wrote:
On 08.01.2009 23:35, Eddy Nigg wrote:
On 01/08/2009 11:44 PM, Ian G:
Well, what Firefox does is cert-exception-click-thru-ordeal; whereas
people are asking for key-continuity-management, with perhaps the
emphasis on the last word.
Well, is it than an endorsement for self-signed certs?
It's not an *endorsement*, but making it possible to use them without
fat warning and without risking CA-verfied sites with that. At least
that's one part.
For the average user, "making it possible to use them without fat
warning" is counter to any goal of securing the network. Self-signed
certs are part of the problem. The fat warning is the only thing that
makes this palatable. For the average user, there should be no ability
to override.
bob
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
