firefox and bad ssl certificates
Phillip Susi
psusi at cfl.rr.com
Fri May 9 21:02:28 UTC 2008
Martin Pitt wrote:
> I don't consider it a new feature, but a better UI. Firefox has always
> complained about invalid certificates, but until version 2 it was just
> the well-known 'SSL yadayada cannot be verified mumblemumble click
> here to shut me up' popup dialog, and really everyone just clicked
> this away, right? Security click-through dialogs should be abolished,
> since they achieve nothing and are really just an excuse for the
> software provider: "I know it is unsafe, and cannot give you something
> better. Of course you can't know either, but at least I can make it
> your problem now."
>
> Now you get at least a proper error message page. I don't doubt that
> the text can be improved, and made more concise/clear, etc., but the
> UI is much better IMHO.

I could not disagree with this more strongly. You can't go around
applying nerf padding to everything to protect against the possibility
of someone running head first into the wall. When you try to protect
people from themselves, and that protection has a negative impact on
them, you aren't doing them any favors. I don't like the fact that my
car won't let me (or my passenger) choose to fiddle with the GPS while
the wheels are turning, and I don't like this change to Firefox.

An invalid cert is something that MIGHT be cause for concern, but often
is not, so a notification is quite sufficient to let the user decide if
it is ok to proceed or not. Making them jump through hoops of fire to
be SURE they want to proceed is a bad idea.

Now improving the existing message to be more informative and educate
the user as to what is going on is something I'm all for, but you should
not assume the user has no clue and must be locked up to protect him
from himself.