Jean-Marc Desperrier wrote, On 2008-10-20 01:50: > Eddy Nigg wrote: >> Ian G: >>> Nelson B Bolyard wrote: >>>> Despite all the additional obstacles that FF3 put in her way, and all >>>> the warnings about "legitimate sites will never ask you to do this", >>>> she persisted in overriding every error, and thus giving away most of >>>> her valuable passwords to her attacker. >>> Yep, no surprise. FF3 tries too hard, way too hard, imho. >> Quite the opposite...just imagine Firefox wouldn't have made it that >> hard and annoying, she wouldn't have filed a bug report and we wouldn't >> know. > > As has *already* been reported on this group, *many*, *many*, *many* > users did not fill a bug report until now and switched browser instead. > > You have found the very single user knowledgeable enough to fill a bug > report instead of switching browser. The mozilla community absolutly > *needs* to understand this is *not* the standard behaviour until now. > The standard behaviour of users has always been to switch browser and > not report anything.
So, what's your point, Jean Marc? Do you argue that Firefox should ignore bad cert errors, or make them utterly trivial to override, so that users will continue to use Firefox, even if it means that they will be *owned*, as the user of bug 460374 was? Perhaps Firefox should not even bother to report bad cert errors, then? That would be consistent with caring only about keeping users, and not caring about user security. Is that what you advocate? _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
