What I meant is that it doesn't make any sense to show a scary warning in the case of "encrypted but not verified" pages, but don't show any warning in the case of "neither encrypted nor verified" plain http pages. The second is strictly less secure than the first... yet the browser induces the user to think that it is actually more secure.
About the security model of CA certificates, I recommend this talk: http://m.youtube.com/watch?v=pDmj_xe7EIQ -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at http://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
