Hello, I encountered an expired cert for an IMAP (STARTTLS) server from an ISP. While I've followed up with the ISP about the expired cert, there was something about Thunderbird's behavior that caught my attention.
In the "Add Security Exception" dialog box, the checkbox for "Permanently store this exception" was checked by default. Given users' tendency to click-through security warnings, would it not perhaps be better for that box to be UNchecked by default? That way they'll get a warning each time, and more likely to go bug their service provider to keep their certs up to date. Tse Chin -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
