On Tue, 1 Nov 2005, Julien Pierre wrote:
> Regardless, it is the right thing to do. If non-technical users want to
> shoot themselves in the foot, they should certainly be free to do so -
> using another browser.

Refusing to accept self-signed certificates is *not* the right thing to do. That would only further the notion that buying a certificate from one of dozens of approved CAs is what makes a website legitimate, which is false.

What fraction of the 30 to 50 root CAs on your root CA list do you know or have ever heard of? Do you know their policies? Do you know their management? Why should you trust them?

What makes a website legitimate is the fact that it is the website you truly intended, not the fact that it happens to have paid a member of the CA extortion ring.

-- ?!ng
