Am 2014-04-22 08:54, schrieb Georg Koppen:
> antispa...@sent.at:
>> Could Tor Browser kill or minimize the warning triggered by entering a
>> site with a self signed certificate?
>
> Killing is not a good idea. What do you mean with "minimize"?
>
> Georg
>
>
>
>
I've wanted that for browsers too. Don't kill it, but notify
("non-blocking") that you should manually verify a checksum (bonus: just
display the sha1 directly).
You should check a checksum manually either way. Contious web services
post the sha1 of a new certificate (or offer to send it via sms or
whatever) and offer you to check it manually. Although it's signed by
some CA.
Self-signing is not at all less secure, quite often the opposite is true.
I'd *love* a firefox-notification (just like "plugin is missing") that
just reads the sha1 of the certificate in big letters.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
