Hi,
Given users' tendency to click-through security warnings, would it
not perhaps be better for that box to be UNchecked by default?
No. If its a legitimate selfsign cert, its best to store it - then the
user won't be bothered but a real attack (changed cert again) would
trigger the warning
Sorry to reply out of order
>> That way they'll get a warning each time, and more likely to go bug
>> their service provider to keep their certs up to date.
>>
>> Tse Chin
Even as a technical user I have a hard time finding out whom to
contact at a site and how to convince them to get a properly
On 2010-06-06 11:22 PDT, aerow...@gmail.com wrote:
> File a bug.
No, don't. It would be a duplicate. Find the bug already on file.
It's probably already resolved WONTFIX.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On 2010-06-04 19:21 PDT, TEO Tse Chin wrote:
> I encountered an expired cert for an IMAP (STARTTLS) server from an
> ISP. While I've followed up with the ISP about the expired cert,
> there was something about Thunderbird's behavior that caught my
> attention.
>
> In the "Add Security Exception"
File a bug. (If we're going to annoy the users every time they first encounter
a security exception, we might as well go whole-hog and do it every time they
encounter a security exception.)
-Kyle H, the embittered
On Fri, Jun 4, 2010 at 7:21 PM, TEO Tse Chin wrote:
Hello,
I encountered an
Hello,
I encountered an expired cert for an IMAP (STARTTLS) server from an
ISP. While I've followed up with the ISP about the expired cert,
there was something about Thunderbird's behavior that caught my
attention.
In the "Add Security Exception" dialog box, the checkbox for
"Permanently store t
6 matches
Mail list logo
