firefox and bad ssl certificates

Martin Pitt martin.pitt at ubuntu.com
Wed May 7 22:45:46 UTC 2008


Peio Ziarsolo [2008-05-07 13:03 +0200]:
> But for power user that know the significance of a bad certificate it's
> annoniying add exceptions (this morning I have to add 3 esceptions).

This doesn't have anything to do with power users/n00bs. An invalid
SSL certificate isn't any better or worse depending on the type of
user. If a site sets up SSL with an invalid certificate, then this
buys the user nothing but a false sense of security.

The proper approach to this IMHO is to make adding exceptions in all
web browsers (especially IE) as hard and explicit as in Firefox 3.
This would perhaps force site admins to get a grip and stop ignoring
broken SSL certs, once they get a flood of complaints.

> Is there any key to toogle off this new feature? 

I *so much* hope that there isn't. People should really start to
understand that this is a SERIOUS error and shouldn't at all be
considered 'normal'.

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20080508/755868c8/attachment.sig>


More information about the Ubuntu-devel-discuss mailing list