On 8/1/09 23:35, Eddy Nigg wrote:
> On 01/08/2009 11:44 PM, Ian G:
>> Well, what Firefox does is cert-exception-click-thru-ordeal; whereas
>> people are asking for key-continuity-management, with perhaps the
>> emphasis on the last word.
>
> Well, is it then an endorsement for self-signed certs?

Oh, no, we are down on advocacy this week :) Actually KCM works much
better with CA-signed certs, because they help (quite a lot) with the
"first visit" problem.

> Otherwise I can't
> see the difference between what's requested and what already exists. The
> only thing which would change perhaps is the case when ANY certificate
> changes its state (replaced). Is this what is advocated?

Well, back in the old days, we all had to type in URLs and email
addresses manually. These days we have smart programs to remember what
we do, what we accept, what we authorise.

Think of a bookmark. Add a cert. Add a few whizzbangs in the bookmark
manager, go from there....

> I'd feel rather annoyed if I'd have to confirm every new cert
> encountered.

I run NoScript. It means I have to confirm every site I see, and decide
whether to let it do stuff. For me, this is ok (I'm not suggesting it
for everyone) because I don't like websites going mad, and I have no
idea what all that javascript is doing.

But, yes, I understand that users want their "rich experience."
Personally I would recommend everyone to use something like NoScript,
but it is too complicated to explain to users. So they have to suffer.

> Especially those which issue for relatively short life-time
> would be again in disadvantage (despite doing the right thing).

Yes, this is an extra step. TANSTAAFL.

iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto