Erwann ABALEA <[EMAIL PROTECTED]> writes:
> Software could be written to help solve this problem, for example to not
> allow any connection from an untrusted host, instead of asking the customer
> if he's knowledgeable enough to accept the risks of accepting something
> that could be potentially insecure... ;-)

This turns out not to work in practice.

Internet Explorer used to do exactly what you suggest but was
eventually changed under pressure from customers. The problem 
is that in most cases where the certificate is wrong it's a simple
configuration error. Users hate being denied the ability to
connect to such sites.

-Ekr

-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
                http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
