then why not create an internal build of Firefox, embed your own root
into it, and issue certificates from that root to the boxes that need
it?

Oh yeah, because people use computers for more than one purpose.  A
home machine can be used to VPN into work.

Wake up, Mozilla.  Your policy is not useful to the users.

On Thu, Nov 5, 2009 at 3:52 AM, Florian Weimer <[email protected]> wrote:
> * Eddy Nigg:
>
>> This item has also been taken to the CAB Forum and is discussed and
>> hopefully included with the Basic SSL Guidelines which are in the
>> making. Host-names and internal IP addresses provide *NO PROTECTION*
>> whatsoever and are pure snake oil. CAs which issue such certificates
>> deceive their customers and relying parties.
>
> Sorry, this is just not true.  The suppression of the browser warning
> is a value for which people pay.  Without the certificate, the browser
> warning would reduce end user confidence in the service, essentially
> reducing security as perceived by the end user.
>
> (The system doesn't do much else anyway, but at least this type of
> service is provided by CAs.)
> _______________________________________________
> dev-security mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security
>