Hi,
Given users' tendency to click-through security warnings, would it
not perhaps be better for that box to be UNchecked by default?
No. If its a legitimate selfsign cert, its best to store it - then the
user won't be bothered but a real attack (changed cert again) would
trigger the warning
File a bug. (If we're going to annoy the users every time they first encounter
a security exception, we might as well go whole-hog and do it every time they
encounter a security exception.)
-Kyle H, the embittered
On Fri, Jun 4, 2010 at 7:21 PM, TEO Tse Chin teotsec...@gmail.com wrote:
On 2010-06-04 19:21 PDT, TEO Tse Chin wrote:
I encountered an expired cert for an IMAP (STARTTLS) server from an
ISP. While I've followed up with the ISP about the expired cert,
there was something about Thunderbird's behavior that caught my
attention.
In the Add Security Exception dialog
On 2010-06-06 11:22 PDT, aerow...@gmail.com wrote:
File a bug.
No, don't. It would be a duplicate. Find the bug already on file.
It's probably already resolved WONTFIX.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Sorry to reply out of order
That way they'll get a warning each time, and more likely to go bug
their service provider to keep their certs up to date.
Tse Chin
Even as a technical user I have a hard time finding out whom to
contact at a site and how to convince them to get a properly signed
Hello,
I encountered an expired cert for an IMAP (STARTTLS) server from an
ISP. While I've followed up with the ISP about the expired cert,
there was something about Thunderbird's behavior that caught my
attention.
In the Add Security Exception dialog box, the checkbox for
Permanently store
6 matches
Mail list logo