Comment #19 on issue 2010 by [email protected]: Feature: An option to disable the 'Expired Certificate' warning for a specific site
http://code.google.com/p/chromium/issues/detail?id=2010

Yes, $12.99 is cheap. But I have a whole bunch of different domains on my server, so that adds up. But that's not the real reason why my domains use self-signed certificates. I'd be willing to pay, if only somebody was willing to sell me a certificate that was good for 10+ years. Having to go through the administrative effort of upgrading all my certificates every year is just not worth it for my low-traffic server. But having the benefits of encryption is still better than not having it.

If Chrome remembered my self-signed certificate the first time it sees it, I could actually trust the SSL interstitial to provide a genuine warning. But as is, the interstitial is information-free (I already know that I use a self-signed certificate; no need to remind me), and even worse, I have no way to tell if the certificate changed and I am under attack.

An even better option would be if Google maintained a global repository of certificates that it has seen in the past. Chrome could then query the repository, compare the certificates, and let me know if I am subject to a man-in-the-middle attack. This would avoid a large number of false-positive interstitials, it would allow SSL interstitials to show genuinely useful warnings, and it would make self-signed certificates about as trustworthy as low-grade commercially signed certificates.
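
The behavior requested in the comment above (remember a self-signed certificate the first time it is seen, and warn only if it later changes) is trust-on-first-use pinning. The following is an added sketch, not part of the original comment and not Chromium code; the `PinStore` class, the `pins.json` file name, and the sample certificate bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

FIRST_SEEN, MATCH, CHANGED = "first-seen", "match", "changed"


class PinStore:
    """Trust-on-first-use store: host:port -> SHA-256 of the DER certificate."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as fh:
                self.pins = json.load(fh)

    def _save(self):
        # Write to a temp file and rename so a crash cannot truncate the pins.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)

    def check(self, host, port, der_cert):
        """Classify the certificate a server presented for host:port."""
        key = f"{host.lower()}:{port}"
        seen = hashlib.sha256(der_cert).hexdigest()
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = seen      # first contact: remember the certificate
            self._save()
            return FIRST_SEEN
        if hmac.compare_digest(pinned, seen):
            return MATCH               # same certificate as before: nothing to warn about
        return CHANGED                 # pin is kept; this is the case worth a warning

    def repin(self, host, port, der_cert):
        """Explicit user decision to accept a replaced certificate."""
        self.pins[f"{host.lower()}:{port}"] = hashlib.sha256(der_cert).hexdigest()
        self._save()


if __name__ == "__main__":
    # Constructed stand-ins for DER-encoded certificates (not real certificates).
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    store = PinStore(os.path.join(tempfile.mkdtemp(), "pins.json"))
    for cert in (cert_a, cert_a, cert_b):
        print(store.check("example.test", 443, cert))
```

A changed certificate never overwrites the stored pin on its own; only an explicit `repin` does, so a repeated mismatch keeps being reported until the user decides.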
