Jean-Marc Desperrier schrieb: > So the solution I'd be in favor of is : > - Declare the current SSL error screen a failure > - Let people go through the SSL error screen easily, just like in Fx 2 > - After they have gone though the SSL error screen and as long as they > stay on this SSL site, display a non-removable warning bar that says > "This site is not trusted, do not submit sensible information !". > Make it red, flashing, anything required so that ordinary people will > feel very uneasy at the idea of ignoring it. > - (I see that as a not really required option): Have some complex > procedure that allows to remove this warning bar, similar to the current > one to avoid the error screen.
That's a nice idea. One problem I have with the current implementation is: A user gets a big warning about an unknown and untrusted certificate. In the next step, he can add an exception. That process is a bit difficult. And it should be difficult. I totally agree with that. But if you go through the process of adding an exception (and don't think about it, as the average "Joe User" most likely does), the exception is stored permanently. You won't get a warning the next time you visit the site. I think the solution that Jean-Marc outlined above would make some sense: It would make it a bit easier to visit certain sites, but disturb permanently if someone visits a site that has no trust anchor in firefox. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
