I find this behaviour extremely annoying, since it treats browser users like stupid people who cannot decide themselves what website to visit and what not. (This sadly seems to be a general concept of Mozilla lately, since also the access to "about:config" comes with such an annoying warning)
In my opinion it also does not add any more security, because it is not impossible to fake CA certificates by hash colllision (and has recently been demonstrated, see http://events.ccc.de/congress/2008/Fahrplan/events/3023.en.html ) So this behaviour drives away people from encrypted sites using either self-signed certificates, or certificates signed by an autority not "trusted" by default, despite both of them are not really more unsecure than "trusted" certificates. Here http://blog.madism.org/index.php/2008/06/26/177-firefox3-and-ssl I found a guide to reduce the clicks necessary to visit an "untrusted" https site to "only" two. (The changes shown on that site can also be applied via about:config instead of editing the config file) This is a slight improvement, but the behaviour is still annoying enough to make me considering to switch to a different browser, although I got used to firefox and rather liked it. My recommendation for a warning about unverified certificates would be rather to display a notice bar in the upper part of the browser window (like for example the "Do you want to save this password" dialog), or to change the background colour of the address bar, which would be sufficient warning, but much less annoyance. -- Firefox 3 SSL warning page is slightly cryptic https://bugs.launchpad.net/bugs/217606 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
