-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eben Eliason wrote: | On Thu, Jun 5, 2008 at 12:36 AM, Michael Stone <[EMAIL PROTECTED]> wrote: |> On Tue, Jun 03, 2008 at 11:03:44AM +0200, Marco Pesenti Gritti wrote: |>> * Browser bookmarks and autocompletion. - priority 3 |> I'd really like to see some progress on #542/#5534 (deal with |> non-standard SSL certificate authorities). This is going to become a |> bigger and bigger stumbling block the longer we wait. Surely we could |> manage some sort of 'accept this cert' button? (Keep in mind the |> possibility of another G1G1 coming our way in the foreseeable future.) | | I think that a non-modal alert (akin to those used for downloads) | would suffice. Toss up buttons for "view" "cancel" and "accept", with | the first of these presenting a modal alert with the detailed | certificate information, and we'd be set.
I don't understand this at all. If a site offers an invalid/untrusted SSL certificate, it should simply be accepted silently. The user should have the same experience as if the page were not using SSL. We know from experience that users do not know how to interpret the certificate warning, and simply learn to click on the button that allows them to continue. Presenting them with an incomprehensible warning, and then indicating that the connection is secure, is not good security, and not good UI. - --Ben -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhH9NcACgkQUJT6e6HFtqTISgCbBCObRmRVpQHGaoYEf484Qyny c4kAniMlTZgUzUiIc8mOqDtI1BJrZcjm =3UDw -----END PGP SIGNATURE----- _______________________________________________ Sugar mailing list Sugar@lists.laptop.org http://lists.laptop.org/listinfo/sugar