On Wed, 23 Apr 2014 09:07:02 +0000 antispa...@sent.at wrote:

> Georg Koppen:
> > antispa...@sent.at:
> >> Could Tor Browser kill or minimize the warning triggered by
> >> entering a site with a self signed certificate?
> > Killing is not a good idea. What do you mean with "minimize"?
>
> A self-signed certificate is better than no certificate. Given the
> trouble with a CA, it might be just as good as a CA certificate.

Or better? The certificates handed by the US government through its cronies are compromised. A self signed certificate from an honest provider, less so.

> Anyway, This Connection is Untrusted. Good. The Aholes from Firefox
> never bothered to write the same warning about plain HTTP connections.
> Ain't it funny? I know at least a dozen sites that do password
> authentication through HTTP. Are they any better?
>
> And I can't just browse the site after that warning. I can go to
> disney.com with "Get me out of here".
>
> Then there is that user friendly "Technical Details" which would make
> any granny click and get her glasses on 'cuz it's time to check the
> signatures. Maybe for you, the tech guys, that means something to be
> thankful for being so easy to reach. I don't think that the Iranian
> dissident or the Turkish journalist would feel the same next time.
>
> I click I understand the risks. And nothing. I acknowledged the risk.
> Yet the browser won't let me proceed. So you have two extra paragraphs
> of curses. If they were so interesting, why aren't they on the first
> page?
>
> So finally I can add an exception. Which I have to confirm.
>
> Why not something like the NoScript banner/warning?
>
> Why not the same curses on ANY unencrypted page, or at least those
> that present the user with a password field?
>
> I checked that with Autistici.org. They have a wonderful AES 256bit
> key. All my online banking is done over RC4 128bit at best. That is
> as strong as Wikipedia! Autistici.org does generate that need for
> three extra pointless clicks. Any of my banking sites generates
> nothing. Any of the sites and forums that do authenticate through
> HTTP generate nothing.
>
> Sure it sounds like a conspiracy. But why feed the dangerous game of
> the CAs? Why does the free software have to fill the pockets of these
> companies? Why kick the sites that do care about their users in the
> teeth unless they pay for the CA ransom?

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk