On 10/18/2008 11:22 AM, Nelson B Bolyard wrote [in part]:
>
> Is removal of the ability to override bad certs the ONLY effective
> protection for such users?

I visit some Web sites with self-signed certificates. None of those sites request any input from me. The only reason they have site certificates is that the site owners want to show off how technically astute they are. Hah! However, those sites do indeed contain information that I want. I definitely do not want to be locked out of them.

I have also visited sites with incorrectly configured site certificates. In at least one situation, the owner decided to change the domain name without getting a new certificate for the new domain. In several cases, intermediate certificates were not installed, contrary to explicit instructions from the certificate authorities. I definitely do not want to be locked out of these sites either.

--
David E. Ross
<http://www.rossde.com/>

Go to Mozdev at <http://www.mozdev.org/> for quick access to extensions for Firefox, Thunderbird, SeaMonkey, and other Mozilla-related applications. You can access Mozdev much more quickly than you can Mozilla Add-Ons.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto