Nelson B <[EMAIL PROTECTED]> writes:

>Peter,
>Please spell out for us exactly what you mean by
>> "treat a cert validation failure in the same way as a network error"
>Do you mean to treat it as unrecoverable error, with no option to override?
>or ??

Treat it as an unrecoverable error. Providing non-technical users with an opt-out screen and an "I'm feeling lucky" button to click on is just security theatre, if you're serious about security then make it a nonrecoverable error in the same format as [tabs across to Firefox to check what it says] a "Server not found"-type message. If the user is expecting to talk to a server in a secure manner and the security fails, then it's a fatal error, not a one-click speedbump to annoy them.

Peter.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
