previously on this list Bas Wijnen contributed:

> From: Bas Wijnen <wij...@debian.org>
> To: debian-devel@lists.debian.org
> Subject: Re: ca-certificates: no more cacert.org certificates?!?
> Date: Tue, 1 Apr 2014 22:22:12 +0200
> User-Agent: Mutt/1.5.21 (2010-09-15)
>
> On Tue, Apr 01, 2014 at 11:04:43AM +0100, Philip Hands wrote:
> > I think the real problem here is the user interface asking one to trust
> > a site (forever, unless you're concentrating) at a point where you
> > really don't care because all you're interested in is seeing the cute
> > picture of an otter on someone's blog.
>
> Yes. And the fact that making your blog use an encrypted connection
> causes either scary warnings for all your visitors, or a lot of hassle
> trying to find a CA who is slightly less extorting than the others,
> leads to the result that most people give it up and don't use encryption
> on their blog.

I agree

> I think at Debian we all agree that it would be a good
> thing if everything would be encrypted, so this is a very bad outcome.
>

I beg to differ, I'm afraid. SSL should be used where it is required, otherwise you are opening the server up to DoS and, as it is more complex, bugs and exploits, not to mention greater memory and CPU usage, in similar fashion to systemd.

>
> I've also asked Mozilla to give plain HTTP connections at least as much
> warnings as self-signed certificates (which would probably mean no
> warnings for either of them), but I don't think they'll listen.

What have you asked them exactly? I believe glaring warnings should be removed from self-signed and green bars removed completely for EV certs, but you should be asked to check the fingerprint for self-signed and the browser should cache the cert and warn of changes in all cases, though that would scare the uninitiated at first???

--
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________

I have no idea why RTFM is used so aggressively on LINUX mailing lists
because whilst 'apropos' is traditionally the most powerful command on
Unix-like systems its 'modern' replacement 'apropos' on Linux is a tool
to help psychopaths learn to control their anger.

(Kevin Chadwick)
_______________________________________________________________________
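
The cache-the-cert-and-warn-on-change behaviour suggested in the message above, as an added example that is not part of the original post or of any browser's code. The `PinCache` class, its verdict strings and the sample certificate bytes are hypothetical and constructed for illustration.

```python
import hashlib

# Constructed stand-ins for DER-encoded certificates; in real use the bytes
# would come from ssl.SSLSocket.getpeercert(binary_form=True).
CERT_A = b"constructed-der-certificate-A"
CERT_B = b"constructed-der-certificate-B"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint as colon-separated hex, for a user to compare."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PinCache:
    """Hypothetical trust-on-first-use cache keyed by (host, port)."""

    def __init__(self):
        self._pins = {}

    @staticmethod
    def _key(host: str, port: int):
        # Hostnames are case-insensitive and may carry a trailing root dot.
        return (host.lower().rstrip("."), port)

    def check(self, host: str, port: int, der_cert: bytes):
        """Return (verdict, fingerprint) without ever modifying the cache."""
        seen = fingerprint(der_cert)
        pinned = self._pins.get(self._key(host, port))
        if pinned is None:
            return "first-seen", seen  # ask the user to verify the fingerprint
        if pinned == seen:
            return "match", seen       # same certificate as cached: no prompt
        return "changed", seen         # differs from the cached one: warn

    def accept(self, host: str, port: int, der_cert: bytes) -> None:
        """Cache the certificate only after the user confirmed its fingerprint."""
        self._pins[self._key(host, port)] = fingerprint(der_cert)
```

Because `check` never writes, a changed certificate cannot silently replace the cached one; only an explicit `accept` after the user has compared fingerprints updates the pin.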