Jean-Marc Desperrier wrote, On 2008-10-20 01:50:
> Eddy Nigg wrote:
>> Ian G:
>>> Nelson B Bolyard wrote:
>>>> Despite all the additional obstacles that FF3 put in her way, and all
>>>> the warnings about "legitimate sites will never ask you to do this",
>>>> she persisted in overriding every error, and thus giving away most of
>>>> her valuable passwords to her attacker.
>>> Yep, no surprise. FF3 tries too hard, way too hard, imho.
>> Quite the opposite...just imagine Firefox wouldn't have made it that
>> hard and annoying, she wouldn't have filed a bug report and we wouldn't
>> know.
> As has *already* been reported on this group, *many*, *many*, *many*
> users did not file a bug report until now and switched browser instead.
> You have found the very single user knowledgeable enough to file a bug
> report instead of switching browser. The Mozilla community absolutely
> *needs* to understand this is *not* the standard behaviour until now.
> The standard behaviour of users has always been to switch browser and
> not report anything.

So, what's your point, Jean-Marc?

Do you argue that Firefox should ignore bad cert errors, or make them
utterly trivial to override, so that users will continue to use Firefox,
even if it means that they will be *owned*, as the user of bug 460374

Perhaps Firefox should not even bother to report bad cert errors, then?
That would be consistent with caring only about keeping users, and not
caring about user security.  Is that what you advocate?
