Here is a good explanation of how this is handled in Firefox 3.0 (different from both Eben and Benjamin proposal):
http://www.dria.org/wordpress/archives/2008/05/06/635/ Marco On Thu, Jun 5, 2008 at 4:14 PM, Benjamin M. Schwartz <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Eben Eliason wrote: > | On Thu, Jun 5, 2008 at 12:36 AM, Michael Stone <[EMAIL PROTECTED]> wrote: > |> On Tue, Jun 03, 2008 at 11:03:44AM +0200, Marco Pesenti Gritti wrote: > |>> * Browser bookmarks and autocompletion. - priority 3 > |> I'd really like to see some progress on #542/#5534 (deal with > |> non-standard SSL certificate authorities). This is going to become a > |> bigger and bigger stumbling block the longer we wait. Surely we could > |> manage some sort of 'accept this cert' button? (Keep in mind the > |> possibility of another G1G1 coming our way in the foreseeable future.) > | > | I think that a non-modal alert (akin to those used for downloads) > | would suffice. Toss up buttons for "view" "cancel" and "accept", with > | the first of these presenting a modal alert with the detailed > | certificate information, and we'd be set. > > I don't understand this at all. If a site offers an invalid/untrusted SSL > certificate, it should simply be accepted silently. The user should have > the same experience as if the page were not using SSL. > > We know from experience that users do not know how to interpret the > certificate warning, and simply learn to click on the button that allows > them to continue. Presenting them with an incomprehensible warning, and > then indicating that the connection is secure, is not good security, and > not good UI. > > - --Ben > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkhH9NcACgkQUJT6e6HFtqTISgCbBCObRmRVpQHGaoYEf484Qyny > c4kAniMlTZgUzUiIc8mOqDtI1BJrZcjm > =3UDw > -----END PGP SIGNATURE----- > _______________________________________________ > Sugar mailing list > Sugar@lists.laptop.org > http://lists.laptop.org/listinfo/sugar > _______________________________________________ Sugar mailing list Sugar@lists.laptop.org http://lists.laptop.org/listinfo/sugar