On Thu, Jan 10, 2013 at 23:43:07 +0100, Björn Persson <bjorn@rombobjörn.se> wrote:
And since people don't check the certificate anyway it would be better if Firefox would silently switch to plain HTTP when it can't verify the certificate? Not just use the unverified certificate but skip all the cryptography altogether without even telling the user about it? Would that improve anything? Because that's the equivalent of what Anaconda does.
It would be better if it just noted that it didn't trust the certificate chain and continued using https, since that would still provide protection from eaves dropping by passive attackers.
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
