Robert Relyea wrote:
> This is a side effect of the Mozilla/Firefox cert selection criteria. 
> Only valid certs that chain to a CA that is trusted by the Server (as 
> indicated by the Client auth CA list) are included. One of the changes 
> in my suggestions would be to include certs that don't fit our criteria of 
> valid on the Ask Every Time list, but mark them as 'not preferred' 
> because they couldn't be validated.
Anything which does away with the automatic selection will do. 
Especially in cases where one has more than one certificate installed. It would 
make the process of accessing a client/auth protected server more 
obvious, instead of doing this job for the user. I don't know how you 
would feel if you'd access a protected area on a web site and you don't 
even know about it... Some might suggest that the web site isn't 
protected at all...

I can understand from the perspective of the developers, that doing away 
with the automatic selection, is somewhat unsatisfying...after all, some 
of you have thought out the best one can do for the user in this 
respect. It's like throwing a very nice feature out of the 
window...grrr. Still, personally I'm not convinced that FF gets it right 
currently...
>  
>
> BTW the server kicked out the error because it had Request/Require 
> client auth set.
Sure! But that message is useful as "XXXXXXXXXX happened".

-- 
Regards 
 
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390
 

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
