Hello there,
On Friday 12 December 2008, Bil Corry wrote:
> Gervase Markham wrote on 12/12/2008 11:23 AM:
> > Is this an official IETF group? It seems odd that its list is not on the
> > IETF mailing list server.
>
> We're not officially affiliated with any group, although the plan is to
> move it
On Saturday 20 September 2008, Ben Bucksch wrote:
> The important part is "treat 'TLS, if available' like unsecured in the
> UI", though. We can't say "Automatic" or anything else that suggests
> that people may be secure (because they not, even if STARTTLS works at a
> given moment, because it may
On Thursday 18 September 2008, Jean-Marc Desperrier wrote:
> The options should read :
> [ ] require STARTTLS
> [ ] disable STARTTLS
>
> With none of the two enabled by default.
>
> Getting "require STARTTLS" automatically enabled if the initial
> connexion was succesfully in STARTTLS mode would be
On Tuesday 20 May 2008, Gervase Markham wrote:
> Right. I can see how we are getting the message out to sites about EV
> adoption, but I'm concerned about how we are going to tell 150 million
> people that they need to check identity when doing financial stuff.
IMHO: Implementing a ready and easy
On Friday 31 August 2007, Nelson Bolyard wrote:
> Stefanos,
>
> If you'[re really worried about students being MITM attacked, then you
> might ask why the University has so many https sites using invalid certs
> which necessitate the users getting this dialog in the first place.
>
> Don't worry, in
Hello there,
As you already know (:-)) when firefox visits an SSL enabled site and gets a
certificate that cannot be verified, asks the user about the action it should
take. The current actions are: Accept Permanentely (#1), Accept for Session
(#2), Don't Accept (#3), having #2 as the presele
