On 01/09/2009 02:24 AM, Ian G:
Well, is it than an endorsement for self-signed certs?
Oh, no, we are down on advocacy this week :) Actually KCM works much
better with CA-signed certs, because they help (quite a lot) with the
"first visit" problem.
I could see some use case for this, specially when used as you mentioned
with the non-self-signed-certificates-advocacy! However I'm afraid that
reality is far away from having this implemented anytime soon because
all major server software and CAs create usually new keys for every new
certificate. Well, the ones which issue certs for ten years would be in
a comfortable position...(or not :S )
Think of a bookmark. Add a cert. add a few whizzbangs in the bookmark
manager, go from there....
Mmmhhh, well, I can't remember when I saw bookmarks the first time. Must
have been some time in the nineties, no?
I run NoScript. It means I have to confirm every site I see, and decide
whether to let it do stuff. For me, this is ok (I'm not suggesting it
for everyone) because I don't like websites going mad, and I have no
idea what all that javascript is doing.
NoScript is for geeks really...or better said, it's used by geeks only.
JavaScript is becoming these days ever more important and browser
vendors are literally investing huge effort to make it faster and
secure...I think it's not fun browsing with NoScript. But yes,
confirming every site would be annoying for me...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
