Steve wrote:
> In article<[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
>> Think about it: Instead of protecting them, Fx has pushed them to take
>> a decision that heightens their risk level, it would have been more
>> secure to let them go through the warning and access the site with Fx
>> rather than with IE.
>>
> Ok, so using your train of thought, we let every man and his dog have a
> root ca in Firefox; That stops people using IE, but hey, I think there
> is a much greater problem.

You didn't get what I meant, but I didn't help by not saying immediately 
what kind of solution I favored. I didn't do that because I didn't want 
to mix the problem with the specific solution I was thinking of.

I'd like to say first that unrecognized CA is only one of the possible
causes for Firefox displaying the new "access denied" screen, and my
concern is about this screen, not about the specific point of 
unrecognized CAs.

In the Fx 3 beta, when I first saw this screen and the complex procedure 
required to proceed through and access the site, I thought it was a way 
to make sure people would think carefully about what they were doing 
instead of just clicking "Ignore warnings", and I was OK with the idea.

But later I found out that in practice people, even quite smart people, 
did not understand how to get through this screen, *and* would start IE 
to access the site instead of continuing with Firefox.
Now here comes Thorsten who has access log statistics that prove the
reality of this phenomenon.

So the solution I'd be in favor of is:
- Declare the current SSL error screen a failure
- Let people go through the SSL error screen easily, just like in Fx 2
- After they have gone through the SSL error screen and as long as they
stay on this SSL site, display a non-removable warning bar that says
"This site is not trusted, do not submit sensible information!".
Make it red, flashing, anything required so that ordinary people will
feel very uneasy at the idea of ignoring it.
- (I see that as a not really required option): Have some complex
procedure that allows removing this warning bar, similar to the current
one to avoid the error screen.