Owen Taylor wrote: > If you are connecting on an insecure network (say coffee shop wireless) > then a https connection to an untrusted certificate is a distinctly weak > form of security. > > It tells you that you have a encrypted connection to *somebody*. > > - Owen > > (And note that Stef's proposal doesn't just greenlight a connection to > https://bugs.freedesktop.org, it greenlights a https connection to a > DNS-spoofed https://mybank.com.)
Neither bugs.freedesktop.org or a DNS spoofed https site would be 'greenlighted' under my proposal. Just the opposite. It would be treated just like the untrusted connection that it is. A TCP connection is basically untrusted. And an SSL connection to someone we can't verify is the same from a trust perspective. Of course, if someone (like Pat with his mail server) has noted a specific certificate to be trust worthy, then it will be treated as trusted whether or not we have a root CA for it. But presenting the user with the choice every time is wrong in my opinion. Stef _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
