On 05/19/2010 05:37 PM, From Jean-Marc Desperrier:
Or investing some serious time evangelising the SSL site owners into
using a real certificate.
But the statu quo doesn't work.
Amen! And you know what - today there is NO reason whatsoever not to get
real certs, they are available from free to very little these days.
Certainly for sites which use self-signed certs those are sufficient.
I collected a page of links on my blog. All of them raises SSL warning.
Not one is actually an attacker.
You don't know actually. But it's not important for you either.
Still one could for example think about an option to crowdsource the
answer.
Not automatically, but have an button when you meet the problem that
ask to the network if "svn.boost.org + this certificate imprint" is a
fake or not.
How do you know?
Then they are also the other error, like expired certificate, which
often is just a bad manipulation when the cert is *shortly* expired.
The browser could be smarter about that.
Yes, I agree with that.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
