ΕΕΛ/ΛΑΚ - Λίστες Ταχυδρομείου

fyi... Firefox 3's Step Backwards For Self-Signed Certificates

...

 If you've switched over to Firefox 3 as your Web browser already --
and in general it's a fine upgrade -- you may at some point discover
that rather than encourage (or at least not overly discourage) the use
of self-signed security certificates, Firefox 3 makes it less likely
that anyone other than an expert user will ever accept a self-signed
certificate. This is particularly of concern to me since I've urged an
expansion of self-signed certs deployment as a stopgap measure toward
pervasive encryption.

Compared with Firefox 2, version 3 throws up so many barriers and
scary-sounding warnings to click through to accept such certs, that it
would be completely understandable if most persons immediately
aborted.

What's going on is that Firefox is now putting so much emphasis on
identity confirmation that it's making it even harder for people to
use the basic encryption functionality of the browser, which works
just fine with self-signed certificates (which admittedly are not good
carriers for identity credentials).

But in many situations, we're not concerned about identity in
particular, we just want to get the basic https: crypto stream up and
running.

I am fully aware of the associated identity considerations, and I know
that basic signed certificates that will work in Firefox and some
other browsers (but last I heard not in Internet Explorer at this
time) can be obtained for free. If browser acceptance of free signed
certs broadens out (and especially if wildcard certificates also
become freely available) the need for self-signed certificates could
significantly diminish.

But for now, Firefox 3 is going overboard with its complicated and
alarming warnings, which if nothing else could include improved
explanatory text, so that users would be able to better judge whether
or not they should accept any particular self-signed certificate. The
current wording is unreasonably judgmental given the range of
perfectly legitimate situations where self-signed certificates might
be used.

I'm not saying to give self-signed certs the same invisible, automatic
acceptance as signed certificates, but Firefox 3 has simply gone too
far toward making self-signed certs unusable -- from a practical
standpoint -- in many situations where they otherwise would be
completely adequate and suitable.
...
http://lauren.vortex.com/archive/000402.html




-- 
P Πριν εκτυπώσετε αυτό το μήνυμα, σκεφθείτε το περιβάλλον! Ένα χαρτί
λιγότερο! - http://karounos.gr/blog/

πλοήγηση μηνυμάτων