Robert Graham wrote: >> Hi Boaz, you can easily remove yourself using the web >> interface, as advertised in the footer: > > Ah, but Firefox gives the warning "This Connection is Untrusted". Apparently > the issuer is unknown and it expired March 29, 2008. Maybe he doesn't > "Understand the Risks", specifically the suggestion "Don't add an exception > unless you know there's a good reason why this site doesn't use trusted > identification.". Now, this is a list of security people, so there can't be a > good reason why the site doesn't use trusted identification. > > Although my sarcasm might not show it, I think expired/self-signed certs are > just fine (better than nothing), and that Firefox is overreacting. I'm just > pointing out that security is often a complex and difficult tradeoff. >
http://www.darkreading.com/blog/archives/2009/08/why_i_refuse_to.html > > -- Gadi Evron, [email protected]. Blog: http://gevron.livejournal.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
