[132920] in cryptography@c2.net mail archive
Re: once more, with feeling.
daemon@ATHENA.MIT.EDU (Dave Howe)
Wed Sep 10 09:42:37 2008
Date: Tue, 09 Sep 2008 23:21:52 +0100
From: Dave Howe <DaveHowe@gmx.co.uk>
To: cryptography@metzdowd.com
In-Reply-To: <48C541DE.9040107@Sun.COM>
Darren J Moffat wrote:
> Warnings aren't enough in this context [ whey already exists ] the
> only thing that will work is stopping the page being seen - replacing
> it with a clearly worded explanation with *no* way to pass through
> and render the page (okay maybe with a debug build of the browser but
> not in the shipped product).
One thing that concerns me is that in the new release of firefox, there
appears to be NO way to get to a site that has a bad certificate (or
self signed certificate) other than overriding the warning permanently -
no "ok let me see it, I have seen the warning and want to look just this
once" that the "remember mismatched domains" plugin for 2.x gave you.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
