On Mon, Mar 30, 2009 at 09:50:20 -0700,
  Craig White <craigwh...@azapple.com> wrote:
> I'm not sure that I agree with you at all but your being vague. If I
> assume that you are talking about the way Firefox handles untrusted
> certificates with their alert and requires you to 'get the certificate'
> and accept & store or merely temporarily accept, then I disagree...I
> very much like the way they are handling untrusted certificates. By
> contrast, the way most portable devices such as iPhones, Blackberries,
> etc. handle untrusted certificates glosses over these details to the
> point of scary.

Because you have to jump through hoops if all you want is protection from
passiv eavesdropping and not assurance that I am connected to the correct
web site. (And even the roots CAs don't provide that. They provide assurance
about the connection matching the domain name, which isn't really the
same thing.)

> I'm not sure at all what you are accomplishing by removing the normally
> trusted root certificates.

If I return to a site I notice whether or not the certificate has changed.
The UI still sucks for this, since it wasn't designed to be used this way.

I have no special trust relationship with any of the organizations that
have their certs included in firefox, and they don't certify what I really
want to know, so they just get in the way.

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Reply via email to