Hello! On Thu, Apr 25 2024, Maxim Cournoyer wrote:
> Clément Lassieur <clem...@lassieur.org> writes: > >> On Wed, Apr 03 2024, Maxim Cournoyer wrote: >> >>> It's been Guix policy to let people choose whether to install or not TLS >>> root certificates and which one to their machine. While I applaud the >>> idea to have the users make a conscious decision about it, in practice I >>> suppose very few of us choose to *not* install any as that basically >>> breaks using web browsers, especially ones like IceCat which (by >>> default) ensures HTTPS is used on every page. >> >> I'd be surprised Icecat breaks from this as it uses its own cert >> database and allows HTTP when HTTPS doesn't work. > > I didn't know Icecat had its own cert database. > > About allowing HTTP, it can access pages using it, but not without going > through a "Continue despite security risks" dialog, and perhaps turning > off the HTTPS everywhere add-on for the page, which is installed by > default. Indeed! (Well it's not an add-on anymore, but a Firefox native mode called HTTPS-only.) https://support.mozilla.org/en-US/kb/https-only-prefs Cheers, Clément