List:       kde-devel
Subject:    Re: ssl auth failure gui: does "continue" do what I think it does?
From:       Jeff Mitchell <mitchell () kde ! org>
Date:       2009-06-08 22:47:55
Message-ID: 4A2D951B.9080709 () kde ! org

Matthew Woehlke wrote:
> Jeff Mitchell wrote:
>> Self-signed certificates serve perfectly well for encryption,
> Yes, but whose encryption? The point of an authority-issued certificate 
> is that there is some level of assurance that it was obtained by someone 
> honest and for the site it is reportedly for.

But there isn't a choice.  Certificates are essentially the only
encryption method feasible for most sites, because of e.g. browser
support.  So if all you need is encryption, and not authentication, you
still have to use the same system.

> the typical case of a self-signed certificate), it's a crap-shoot that 
> the connection isn't already compromised and you are getting the "real" 
> certificate and not a compromised, "man-in-the-middle" certificate.

There are plenty of times when I couldn't care less.  There are lots of
random web sites out there that have encryption turned on where I
couldn't care less if I'm seeing the "legit" data or not.  Mailing list
archives, random bugzillas, etc.  If I'm just a user trying to browse
around, it doesn't matter to me whether the certificate is "invalid" or
not -- I'd browse to it even if it had no encryption/certificate at all.

>> But these are treated as "invalid" with a big scary warning to users.
> 
> As they should be. I think everyone agrees that "continue" is "not scary 
> enough"?

Well, no.  The point was that "continue" wasn't clear.  Would it
continue to load the site, would it continue to block the site because
it's "invalid", etc.

It's not that "continue" is "not scary enough", it's that it's "not
clear enough".

--Jeff

