once more, with feeling.
Paul Hoffman
paul.hoffman at vpnc.org
Wed Sep 10 11:22:40 EDT 2008
At 11:21 PM +0100 9/9/08, Dave Howe wrote:
>Darren J Moffat wrote:
>> Warnings aren't enough in this context [ they already exist ] the
>> only thing that will work is stopping the page being seen - replacing
>> it with a clearly worded explanation with *no* way to pass through
>> and render the page (okay maybe with a debug build of the browser but
>> not in the shipped product).
>
>One thing that concerns me is that in the new release of Firefox, there
>appears to be NO way to get to a site that has a bad certificate (or
>self-signed certificate) other than overriding the warning permanently -
>no "ok let me see it, I have seen the warning and want to look just this
>once" that the "remember mismatched domains" plugin for 2.x gave you.

That may concern you, but I consider it a feature. Instead of
teaching users to "always click through the damn dialog boxes", FF3
says "if you fell for it once, you're going to always fall for it so
we won't teach you bad habits". There are arguments for either
strategy.

Given that few or none of us on this list are actually trained
interface experts, I'm sure we could debate this until Perry pulls
the moderator switch again. The salient point is that people who have
more stake in the game (Mozilla Inc.) have spent longer thinking
about this than we give them credit for and come to the design
decisions that they have.

--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com