venom00 wrote: >> On Mon, May 2, 2011 at 7:49 PM, Georg Baum >> <georg.b...@post.rwth-aachen.de> wrote: >> > An automatic download button is too dangerous IMHO. If you >> offer that you >> > need to keep track of security issues, e.g. the recent SSL >> certificate >> > desaster. >> > >> Of curiosity, which one? Wikipedia doesn't say much. >> Liviu > > Maybe the Comodo issue [1]? > > venom00 > > [1] http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
Yes. The page above sounds harmless. Read http://www.h- online.com/news/item/SSL-meltdown-forces-browser-developers-to- update-1213358.html if you want a better picture. Basically, revoking of SSL certificates is broken by design, so the stolen certificates need to be disabled by hardcoded lists in the client code, distributed via browser updates. You don't want such things in a word processor. Georg
