> I'm not sure why you think this is "a common practice". Sure it was the > case like 5 years ago, but now every major webmail provider, bigger Only "SSL only" was meant to be common practice - not the self-signed certificates. Did I express myself this unclearly?
> companies and even universities use good certificates. I use 6 accounts > for work and 2 personal accounts and all of them are properly secured > with proper certificates. And given what messages IE, FF and Chrome > throughs at users these days, I don't imagine who is using self-signed ones. Proper certificates usually cost money, which is a costly good. Apart of that, there are not many other "reasonable" reasons for using self-signed one, but that's not the point. I really do not think a program should be the neighborhood watch officer for what its users decide to do. Every program that lets me store an exception for a certificate also warns me that it may not be a good idea and urges me to think twice. That's reasonable & fine so. But they let me do it - as opposed to not even mentioning that possibility "for my own good" (which is a very tempting, but rotten, position to assume, in my opinion). Best regards -- Viktor ________________________________________________________ Current beta is 5.0.6.1 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
