Trevor Freeman <trevor.freema...@icloud.com> wrote: > The certificate warning paradigm is over blown given that the typical > alternative is no TLS. An unauthenticated TLS connection is practically > speaking, no different to no TLS at all. The same of true when you see > certificate warring messages S/MIME messages when the rest of the > inbox is unsigned email. As long as the two cases are treated equal why > cannot you dispense with the certificate warning messages?
The reasoning behind the warning is about expectation. If the browser sees a self-signed cert instead, it does not know whether that was the original intent of the site, or whether someone just staged an attack and provided a self-signed cert instead of the real one. Since there is an expectation that a site that publishes an HTTPS URL will also provide a CA signed certificate, the browser errs on the side of detecting an attack. This would change if there was an easy way to detect that the site intended to use self-sign cert. But there is no such easy way today. -- Christian Huitema _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass