For your suggestion to work, there has to be an incentive to upgrade from the self-signed certificate to something better.
:-) Surely you are not suggesting that there is no incentive in security? My oh my! Actually, there will be a huge residual incentive for many years to come. Think of it this way - even if we manage to get all this in place, there is no way that we will be able to overcome the mindset that says that CA certs are the thing to have.
I never suggested there was no incentive in better security. If we treat unauthenticated encryption (which you call security) in the same manner as SSL with CA authentication, then all we have done is reduce the default overall level of security, from very high to nil IMO (or "self" as you call it).
I would strongly object to any kind of congratulations.
If you wanted to eliminate warnings for self-signed certs, the only way I wouldn't object to it would be to treat those types of connections exactly the same as unsecured connections. However, that's not possible, because mostly they use the https protocol in URLs, which client applications today use to check for CA trust. You would need to come up with some new trigger for your unauthenticated encrypted connections (perhaps a new protocol handler).
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
