Heikki Toivonen wrote:
> Eddy Nigg (StartCom Ltd.) wrote:
>
>> Heikki Toivonen wrote:
>>
>>> Some people have pushed for making SSL errors such that you cannot just
>>> click OK and proceed to the site. I'd like to see that happen.
>>>
>> Interesting! Can you be more specific on what you propose here?
>>
>
> It's not my proposal, and has in fact been discussed by people for
> years. The basic idea is that if you go to a site and there is an SSL
> error (expired cert, wrong host error, whatever), instead of a dialog
> box with an OK button you are treated with an error page. There is no
> way to click OK. You can simply not get to the site. This takes the
> likely uninformed user out of the picture.
>

Are you throwing unrecognized CAs in that list of errors too? If so, it would mean that CAs, like CAcert and StartCom, would have to get a root certificate from a CA like Verisign, to enable users to get the root cert. <http://cert.startcom.org/?app=109>
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security