On Mon, Apr 13, 2015 at 11:26 PM, <ipart...@gmail.com> wrote:

> > * Less scary warnings about self-signed certificates (i.e. treat
> HTTPS+selfsigned like we do with HTTP now, and treat HTTP like we do with
> HTTPS+selfsigned now); the fact that self-signed HTTPS is treated as less
> secure than HTTP is - to put this as politely and gently as possible - a
> pile of bovine manure
>
> I am against this. Both are insecure and should be treated as such. How is
> your browser supposed to know that gmail.com is intended to serve a
> self-signed cert? It's not, and it cannot possibly know it in the general
> case. Thus it must be treated as insecure.
>

This is a good point.  This is exactly why the opportunistic security
feature in Firefox 37 enables encryption without certificate checks for
*http* resources.

--Richard



> > * Support for a decentralized (blockchain-based, à la Namecoin?)
> certificate authority
>
> No. Namecoin has so many other problems that it is not feasible.
>
> > Basically, the current CA system is - again, to put this as gently and
> politely as possible - fucking broken.  Anything that forces the world to
> rely on it exclusively is not a solution, but is instead just going to make
> the problem worse.
>
> Agree that it's broken. The fact that any CA can issue a cert for any
> domain is stupid, always was and always will be. It's now starting to bite
> us.
>
> However, HTTPS and the CA system don't have to be tied together. Let's
> ditch the immediately insecure plain HTTP, then add ways to authenticate
> trusted certs in HTTPS by means other than our current CA system. The two
> problems are orthogonal, and trying to solve both at once will just leave
> us exactly where we are: trying to argue for a fundamentally different
> system.
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>