On Mon, Mar 30, 2009 at 09:50:20 -0700, Craig White <craigwhite@xxxxxxxxxxx> wrote: > I'm not sure that I agree with you at all but your being vague. If I > assume that you are talking about the way Firefox handles untrusted > certificates with their alert and requires you to 'get the certificate' > and accept & store or merely temporarily accept, then I disagree...I > very much like the way they are handling untrusted certificates. By > contrast, the way most portable devices such as iPhones, Blackberries, > etc. handle untrusted certificates glosses over these details to the > point of scary. Because you have to jump through hoops if all you want is protection from passiv eavesdropping and not assurance that I am connected to the correct web site. (And even the roots CAs don't provide that. They provide assurance about the connection matching the domain name, which isn't really the same thing.) > I'm not sure at all what you are accomplishing by removing the normally > trusted root certificates. If I return to a site I notice whether or not the certificate has changed. The UI still sucks for this, since it wasn't designed to be used this way. I have no special trust relationship with any of the organizations that have their certs included in firefox, and they don't certify what I really want to know, so they just get in the way. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
