Hi,
Given users' tendency to click-through security warnings, would it
not perhaps be better for that box to be UNchecked by default?
No. If its a legitimate selfsign cert, its best to store it - then the
user won't be bothered but a real attack (changed cert again) would
trigger the warning again (not that it would help this user).
If its an attack cert, the damage (stolen password etc.) often happens
with the first click anyway, so there is not much to lose after that.
And beside that, the user would click away the warning next time
anyway...
Jan
--
Please avoid sending mails, use the group instead.
If you really need to send me an e-mail, mention "FROM NG"
in the subject line, otherwise my spam filter will delete your mail.
Sorry for the inconvenience, thank the spammers...
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
