On 11/08/2008 10:50 PM, Kyle Hamilton:
> I would have no problem with changing the chrome when people step outside of the assurances that Firefox tries to provide. I /do/ have a problem with removing the ability for users to try to self-organize their own networks. (The threat model is different, the policies are different, and the fact that everyone on this list is talking about removing the ability for self-signed roots to be used at all is an extremely counterproductive and cartel-supporting view.)
Kyle, why don't you do that the proper way, especially for corporate networks? Creating a root and distributing the root is the proper way to go, not some lousy self-signed crap you never ever will verify anyway.
I'm not against somebody being his own CA - not wanting to depend on others, but I'm against risking others by their actions. I think by creating your own root and by distributing it throughout your network and affected circles, you provide a certain protection level self-signed can't. You may even issue CRLs. Others who encounter a site without having imported the root (currently) still can accept the cert.
There is open source software out there which provides excellent support for setting up a corporate CA which requires minimum effort. I suggest enabling users to "self-organize their own networks" correctly, mitigating even their own risks! Think about it...
--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
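The setup the message recommends (a private root that clients import, a server certificate issued from it, and a CRL), sketched with the OpenSSL command line. This is an added example, not part of the original post; the subject names, file names and lifetimes are constructed, and it assumes `openssl` is on the PATH.

```bash
# Added example: private root CA with revocation. All names are constructed.
set -eu
setup_ca() {            # $1 = empty working directory; later functions run in it
  cd "$1"
  mkdir newcerts; : > index.txt; echo 01 > serial
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ leaf ]
basicConstraints = CA:FALSE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
serial = serial
new_certs_dir = newcerts
certificate = root.crt
private_key = root.key
default_md = sha256
default_days = 30
default_crl_days = 7
x509_extensions = leaf
policy = any
[ any ]
commonName = supplied
EOF
  # Root certificate: root.crt is the file distributed to clients.
  openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_ca \
    -subj "/CN=Example Private Root" -days 365 -keyout root.key -out root.crt 2>/dev/null
  # Server key and CSR, signed by the root rather than by itself.
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
    -subj "/CN=intranet.example.test" -keyout leaf.key -out leaf.csr 2>/dev/null
  openssl ca -batch -config ca.cnf -in leaf.csr -out leaf.crt -notext 2>/dev/null
  publish_crl
}
publish_crl() { openssl ca -config ca.cnf -gencrl -out root.crl 2>/dev/null; }
revoke_leaf() { openssl ca -config ca.cnf -revoke leaf.crt 2>/dev/null; publish_crl; }
leaf_status() {         # prints "valid" or "rejected" for leaf.crt against root + CRL
  if openssl verify -CAfile root.crt -CRLfile root.crl -crl_check leaf.crt >/dev/null 2>&1
  then echo valid; else echo rejected; fi
}

demo() { setup_ca "$(mktemp -d)"; leaf_status; revoke_leaf; leaf_status; }
demo
```

A client that holds `root.crt` and a current `root.crl` stops accepting the server certificate once it is revoked; a bare self-signed certificate has no issuer that could publish such a revocation.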