Web of Trust (a revolution)

Bruno Wolff III bruno at wolff.to
Mon Mar 30 17:16:23 UTC 2009


On Mon, Mar 30, 2009 at 09:50:20 -0700,
  Craig White <craigwhite at azapple.com> wrote:
> I'm not sure that I agree with you at all but you're being vague. If I
> assume that you are talking about the way Firefox handles untrusted
> certificates with their alert and requires you to 'get the certificate'
> and accept & store or merely temporarily accept, then I disagree...I
> very much like the way they are handling untrusted certificates. By
> contrast, the way most portable devices such as iPhones, Blackberries,
> etc. handle untrusted certificates glosses over these details to the
> point of scary.

Because you have to jump through hoops if all you want is protection from
passive eavesdropping and not assurance that I am connected to the correct
web site. (And even the root CAs don't provide that. They provide assurance
about the connection matching the domain name, which isn't really the
same thing.)

> I'm not sure at all what you are accomplishing by removing the normally
> trusted root certificates.

If I return to a site I notice whether or not the certificate has changed.
The UI still sucks for this, since it wasn't designed to be used this way.

I have no special trust relationship with any of the organizations that
have their certs included in Firefox, and they don't certify what I really
want to know, so they just get in the way.



