Adam Schreiber wrote: > On Dec 4, 2007 9:29 AM, Stef Walter <[EMAIL PROTECTED]> wrote: >> I'd like to propose [1] that we do away with these dialogs in GNOME. In >> my opinion if we cannot verify the certificate, then we should simply >> not show the UI elements that indicate a secure connection. We should >> just act as if the connection is like any other normal connection. >> >> Removing these dialogs doesn't 'solve' security on the Internet [3], but >> I think it will make things far less confusing for the user while >> maintaining the same level of security. > > I agree with Stef on not presenting these dialogs to the user. > However, it may be useful if we keep track of sites that use certs ala > ssh so that if a site's cert changes the user could be warned about a > possible man in the middle or phishing attack.
Yes, that's an additional security measure that it would be great to have. Phishing detection systems may want this sort of info as an additional input criteria for their algorithms as well. Stef _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
