Nelson B Bolyard:
OK, I was too flippant, but I'm serious about wanting an alternative
to https, something that means security not good enough for financial
transactions, but OK for your private home router/server.
One way doing it is going to http://www.ietf.org/ and proposing it.
Another way could be to enable for professionals and service personnel a
special mode to allow configuring of routers and other similar
appliances (I suggested editing of about:config but there might be
better choices and ideas), while keeping the average user out of this cycle.
Incidentally the Mozilla manifesto principals call in #4 for
"Individuals' security on the Internet is fundamental and cannot be
treated as optional." I believe that the above suggested and proposed is
perfectly in line - and a direct implementation - of this principal.
Self-signed certificates are by fact and design not validated by a third
party and responsible for the current insecurity - and with the browser
providing the convenience to override them, makes the individuals'
security optional. One could claim that the current behavior is counter
to the Mozilla manifesto principals.
Better security will strengthen the other goals and principals of the
manifesto, it will make the browser and the Internet stronger and more
usable then ever.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
