Hello, Sorry to cut in, but...
> The best way is to ask the user,

+1 on that, always ask the user about such things.

> however for the gtalk case we don't
> need ask, we can silently accept the certificate

Why is that? The cert is invalid for the host, why make an exception? There should, of course, be a checkbox "remember this setting" or "don't ask again", but IF the certificate is invalid for the host, ALWAYS ask the user first, Google or no Google.

And I would remember the setting on a per-host, not per-cert basis, so that when we have a situation:

cert's CN: hostA.example.com
hostB : hostB.example.com
hostC : hostC.example.com

And we connect first to hostB, we ask the user and the acceptance setting is remembered, if we then connect to hostC, we ask again, for this host, because the setting was remembered for hostB only.

That way we can be sure to have no complaints about "you made MITM SSL attack possible, without me knowing". User always has to click.

Cheers
Mike

_______________________________________________
QuteCom-dev mailing list
[email protected]
http://lists.qutecom.org/mailman/listinfo/qutecom-dev
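
The per-host remembering described in the message above, as an added example that is not part of the original mail and not QuteCom code. All names (HostExceptionStore, nameCoversHost, the fingerprint strings) are hypothetical; tying the remembered entry to the certificate fingerprint is an assumption that goes beyond the message.

```cpp
#include <iostream>
#include <map>
#include <string>

// Added illustration; every name here is hypothetical, not QuteCom code.
enum class Decision { Accept, AskUser };

// True when the certificate name covers the host: exact match, or a single
// left-most "*." wildcard label. Assumes both names use the same letter case.
bool nameCoversHost(const std::string& certName, const std::string& host) {
    if (certName == host) return true;
    if (certName.rfind("*.", 0) != 0) return false;
    std::string::size_type dot = host.find('.');
    return dot != std::string::npos && dot > 0 &&
           host.substr(dot) == certName.substr(1);
}

class HostExceptionStore {
public:
    // Handles the name mismatch only; assumes the chain is otherwise valid.
    Decision check(const std::string& host, const std::string& certName,
                   const std::string& fingerprint) const {
        if (nameCoversHost(certName, host)) return Decision::Accept;
        auto it = accepted_.find(host);
        // Remembered for this host only. Assumption: the same certificate is
        // also required, so a swapped certificate prompts again.
        if (it != accepted_.end() && it->second == fingerprint)
            return Decision::Accept;
        return Decision::AskUser;
    }
    // Call only after the user clicked "accept" with "remember" ticked.
    void remember(const std::string& host, const std::string& fingerprint) {
        accepted_[host] = fingerprint;
    }
private:
    std::map<std::string, std::string> accepted_;  // host -> fingerprint
};

int main() {
    HostExceptionStore store;
    const std::string cn = "hostA.example.com", fp = "constructed-fp-1";
    store.remember("hostB.example.com", fp);  // user accepted on hostB
    for (const char* h : {"hostB.example.com", "hostC.example.com"})
        std::cout << h << ": "
                  << (store.check(h, cn, fp) == Decision::Accept
                          ? "accept" : "ask user") << "\n";
}
```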
