Georg Koppen: > antispa...@sent.at: >> Could Tor Browser kill or minimize the warning triggered by entering a >> site with a self signed certificate? > Killing is not a good idea. What do you mean with "minimize"?
A self-signed certificate is better than no certificate. Given the trouble with a CA, it might be just as good as a CA certificate. Anyway, This Connection is Untrusted. Good. The Aholes from Firefox never bothered to write the same warning about plain HTTP connections. Ain't it funny? I know at least a dozen sites that do password authentification through HTTP. Are they any better? And I can't just browse the site after that warning. I can go to disney.com with "Get me out of here". Than there is that user friendly "Technical Details" which would make any granny click and get her glasses on 'cuz it's time to check the signatures. Maybe for you, the tech guys, that means something to be thankful for being so easy to reach. I don't think that the Iranian disident or the Turkish journalist would feel the same next time. I click I understand the risks. And nothing. I acknowledged the risk. Yet the browser won't let me proceed. So you have two extra paragraphs of curses. If they were so interesting, why aren't they on the first page? So finally I can add an exception. Which I have to confirm. Why not something like the NoScript banner/warning? Why not the same curses on ANY unencrypted page, or at least those that present the user with a password field? I checked that with Autistici.org. They have a wonderful AES 256bit key. All my online banking is done over RC4 128bit at best. That is as strong as Wikipedia! Autistici.org does generate that need for three extra pointless clicks. Any of my banking sites generates nothing. Any of the sites and forums that do authenticate through HTTP generate nothing. Sure it sounds like a conspiracy. But why feed the dangerous game of the CAs? Why do the free software has to fill the pockets of these companies? Why kick the sites that do care about their users in the teeth unless they pay for the CA ransom? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
