Robert Graham wrote:

> Although my sarcasm might not show it, I think expired/self-signed certs
> are just fine (better than nothing), and that Firefox is overreacting.

...

Whilst I agree on the first point, so long as the user understands what the point of the cert is, I think that FF is especially keen on blocking access to sites with certs from non-recognized CAs in response to a brief spurt of phishing sites using just that kind of cert, and successfully tripping up folk whose understanding of the point of certs and "secure" pages was "if there is a padlock it is _safe_". That is, it was a technological response to grossly simplified (and thus failed) "user education"...

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
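The three cases the thread is arguing about (self-signed cert the browser has never heard of, the same cert once it has been explicitly trusted, and an expired cert) produce three different verdicts from the same chain-validation a browser performs. The script below is an added illustration, not code from the original message; it assumes the `openssl` command-line tool is installed, and every certificate, hostname (`www.example.test`) and CA name in it is constructed on the spot in a scratch directory.

```shell
#!/bin/sh
# Added illustration (not from the original post). Assumes the openssl CLI
# is installed; all keys and certificates are generated here, in a temp dir.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME DAYS: a self-signed certificate for CN=NAME, valid DAYS days
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" \
        -days "$2" -subj "/CN=$1" >/dev/null 2>&1
}

# classify CERT CAFILE [EPOCH]: chain-validate CERT against the trust store
# CAFILE as of time EPOCH (now if omitted), the same check a browser runs,
# and reduce openssl's verdict to one word.  Error strings differ slightly
# between OpenSSL 1.x ("self signed") and 3.x ("self-signed"), hence the glob.
classify() {
    at=${3:-$(date +%s)}
    out=$(openssl verify -attime "$at" -CAfile "$2" "$1" 2>&1 || true)
    case "$out" in
        *": OK"*)       echo trusted ;;
        *"expired"*)    echo expired ;;
        *self*signed*)  echo untrusted ;;
        *)              echo unknown ;;
    esac
}

make_cert www.example.test 30   # the site's own self-signed cert (hypothetical host)
make_cert some-other-ca 3650    # the only CA our pretend browser trusts

SITE=$WORK/www.example.test.pem
TRUSTED=$WORK/some-other-ca.pem

# 1. Self-signed and absent from the trust store: the padlock would say
#    nothing about identity, although the session would still be encrypted.
untrusted_verdict() { classify "$SITE" "$TRUSTED"; }

# 2. The same cert after the user (or admin) explicitly trusts it: accepted.
pinned_verdict()    { classify "$SITE" "$SITE"; }

# 3. The same trusted cert inspected 60 days from now: a different failure,
#    "expired", which says nothing about who signed it.
expired_verdict()   { classify "$SITE" "$SITE" $(( $(date +%s) + 60 * 86400 )); }

echo "unknown CA     : $(untrusted_verdict)"
echo "explicit trust : $(pinned_verdict)"
echo "after expiry   : $(expired_verdict)"
```

Case 1 is what Firefox blocks on and what the phishing sites in the post relied on: the connection is encrypted, but nothing ties the key to the name in the URL bar, which is exactly the gap "padlock means safe" glosses over. Case 2 is the "better than nothing" situation done properly, with the trust decision made deliberately rather than by clicking through a warning.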
