I don't know if this is a problem specific to Guix or upstream; I can give IceCat a try in a Debian VM tomorrow. But I want to make others aware of the problem in the meantime:
Even if sites are using HTTPS, IceCat is still saying "This connection is insecure" if you click on the "i" icon in the URL bar. This seems to be a problem with every HTTPS site I visit. On the "Security" tab of the "Page Info" dialog, under "Technical Details", no certificate information is listed; it simply says "Connection Not Encrypted". That's clearly not true, otherwise the page would fail to load. I've tried with sites that use HSTS and don't even support plaintext connections (e.g. my own)---the pages load just fine. I haven't played around with sites with expired certificates or anything yet. But if IceCat is not reporting security status correctly, then users may be at risk, so be careful in the meantime! -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com
signature.asc
Description: PGP signature
