Bruno Wolff III wrote:
> Sites with self signed certs that prevent passive snooping get treated as
> the same as going to a site without ssl and not triggering all sorts of
> inappropriate warnings that look scary and make people jump through hoops
> to bypass them.
+1, this really needs fixing. It leads to several sites actually downgrading
security (not using encryption at all) just to prevent those warnings.
We'd see much wider adoption of HTTPS if self-signed certificates weren't
treated any worse than plain unencrypted (and totally insecure) HTTP.
HTTPS should displace HTTP the same way SSH displaced telnet. Most people
think people still using telnet as a remote shell are crazy (and they're
probably right), yet they'll happily use the just as insecure unencrypted
HTTP.
Kevin Kofler
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
