> Yes, at least in corporate environments, parental control solutions, etc.
This will give a more understandable message to the user.
But as others have pointed out, the alert is not signed by the target origin.
So anyone along the path can inject this alert. So browsers cannot trust it,
and they certainly cannot display any possible text associated with it.
How can you distinguish valid and proper use, from not valid and improper use
including DoS? Without that algorithm specified, I doubt any browser would
implement this. (And IMO I doubt they will do so anyway.)
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
