Andy Steingruebl writes: > They used to be quite common, but other than 1 or 2 sites I visit > regularly that I know ave self-signed certs, I *never* run into cert > warnings anymore. BTW, I'm excluding "mixed content" warnings from > this for the moment because they are a different but related issue.
I see it about once per week, but not in the course of my own browsing -- in the course of following up on HTTPS Everywhere bug reports where sites used to have a valid cert (perhaps on an HTTPS site that they didn't actively promote) and then stopped. An example from yesterday was https://www.senate.gov/ which had a valid cert a while ago and then recently stopped. (Their HTTPS support was reported to us as working on June 29; according to Perspectives, the most recent change apparently happened on September 9.) HTTPS Everywhere makes users encounter this situation more than they otherwise might. -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
