Hi Johnathan,

Under http://wiki.mozilla.org/Security:SSLErrorPages#Motivations_.26_Objections (Motivations & Objections) goes into the issue: "to object to the idea that Mozilla "force" them to pay for a CA-validated certificate"

Allow me to point out that the StartCom CA[1] is issuing _free_ Class 1 (Domain validated) digital certification to any domain owner, valid for one year and without any strings attached! Obviously the StartCom CA is a known CA to NSS which makes the argument above invalid....

BTW, contributions are always welcome ;-)

[1] http://cert.startcom.org/

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390

Johnathan Nightingale wrote:
> Hi folks,
>
> I wanted to bring up some changes we are making to how Firefox handles
> SSL with certificates of unknown provenance (self-signed, expired,
> untrusted CA, domain mismatch). I've documented the details in the wiki
> here:
>
> http://wiki.mozilla.org/Security:SSLErrorPages
>
> which, in turn, points to bugs 327181 and 387480. The very short
> version is that the current SSL error dialogs will be replaced with
> error pages that do not offer default-unsafe one-click overrides. This
> will also involve improving support for adding trust exceptions from the
> certificate manager, since those trust exceptions will be the way around
> the error pages.
>
> If there are gaping holes in the approach here, it would be helpful to
> know that!
>
> Cheers,
>
> Johnathan
>
> PS - Cross posted to dev.sec and d.t.crypto, but please follow up to
> d.a.firefox.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto