Joshua Juran wrote:
> On Mar 2, 2009, at 6:40 AM, Peter da Silva wrote:
> 
>> I'm using Mail with a self-signed certificate on my home mail server.
>> All I had to do was add the certificate to my keychain.
> 
> There's an option to do that, but you have to click Show Certificate to
> get there.  "Show Certificate" says that it will show me something --
> not that there are options I can change.
> 
> And if you click Connect first, the warning dialog doesn't come back
> until you quit and relaunch Mail.
> 
> Mail had no problem with contacting the POP server on the same host,
> just SMTP.
> 
> Hate.

I was going to write up a big rant about the 23 step process you have to go
through to enter an SSL cert exception in Firefox, but you know what, fuck it.
It's not their fault.  They're doing their best to protect 99% of users who
have no idea what's going on from scammers where 99% of the time a cert
exception is a bad idea.

The fault is having the relatively simple problem of encryption entangled with
the complex problem of identification.  On top of that, there is a tax on the whole
process in the form of buying a cert from a commonly recognized authority.
Rather than risk their users seeing an "OMG UR WEBZ R h...@x0rd!!!11!" dialog,
web sites that could be encrypted aren't.

You'd take the ssh approach: store the server's key and only scream if it
changes.  You'd need a little clever UI design to differentiate between a
certified web site and a merely encrypted one.  Then that's it.

The lack of ubiquitous encryption has probably enabled far more scams than
what might be lost by allowing certless SSL.


-- 
The interface should be as clean as newly fallen snow and its behavior
as explicit as Japanese eel porn.
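The "ssh approach" described in the post above (remember the server's key on first contact, stay quiet while it matches, scream when it changes) as an added example; this is not code from the thread. It is a minimal trust-on-first-use store keyed by host:port, with a hypothetical `TofuStore` class and constructed byte strings standing in for DER certificates.

```python
import hashlib
import json
import os
from enum import Enum


class Verdict(Enum):
    FIRST_SEEN = "first-seen"  # no stored key yet: remember it (trust on first use)
    MATCH = "match"            # same key as last time: proceed silently
    CHANGED = "changed"        # key differs from the stored one: refuse and warn


class TofuStore:
    """ssh known_hosts style store: one certificate fingerprint per host:port."""

    def __init__(self, path=None):
        # path=None keeps the store in memory only (handy for tests)
        self.path = path
        self.known = {}
        if path and os.path.exists(path):
            with open(path) as f:
                self.known = json.load(f)

    @staticmethod
    def fingerprint(cert_der):
        # SHA-256 over the DER bytes, the same value `openssl x509 -fingerprint -sha256` prints
        return hashlib.sha256(cert_der).hexdigest()

    def check(self, host, port, cert_der):
        key = f"{host}:{port}"
        seen = self.fingerprint(cert_der)
        stored = self.known.get(key)
        if stored is None:
            self.known[key] = seen          # first contact: pin it
            self._save()
            return Verdict.FIRST_SEEN
        return Verdict.MATCH if stored == seen else Verdict.CHANGED

    def accept(self, host, port, cert_der):
        # Explicit, out-of-band-verified replacement of a changed key; this is the
        # only path that silences a CHANGED verdict, so the warning cannot be lost
        # by simply clicking Connect once.
        self.known[f"{host}:{port}"] = self.fingerprint(cert_der)
        self._save()

    def _save(self):
        if self.path:
            with open(self.path, "w") as f:
                json.dump(self.known, f)
```

A UI built on this still needs to show "pinned, unverified identity" differently from "CA-certified", as the post notes; the store only answers whether the key moved.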
