David Thiel writes:
> the least, just check an environment variable for a certificate store, and
> if it's there, verify and turn the status bar green. Otherwise, it stays
> red.
Agreed. And +1 for trying a TOFU-only experiment; that could be exciting.
On 02/09/10 23:54, Alexander Surma wrote:
> Well, the connection is definitely encrypted. Regardless of a man in
> the middle or not ;)
> However - I see your point.
> My suggestion would be, that we allow yet another userscript to handle
> this. I for one do not care for verifying certificates. Bu
Well, the connection is definitely encrypted. Regardless of a man in
the middle or not ;)
However - I see your point.
My suggestion would be, that we allow yet another userscript to handle
this. I for one do not care for verifying certificates. But for those
who do, some kind of interface would be
On Tue, Feb 09, 2010 at 06:56:39PM -0500, Kurt H Maier wrote:
> SSL can do two things:
>
> 1) provide site-to-site encryption
Without certificate verification in some form, you have no way of
knowing that. Your connection could be decrypted and re-encrypted by any
number of parties along the way
On Tue, 9 Feb 2010 18:56:39 -0500, Kurt H Maier
wrote:
> On Tue, Feb 9, 2010 at 6:09 PM, Chris Palmer
> wrote:
>> Letting people believe that any SSL connection is good is actually
worse
>> than nothing, because it creates a false sense of security.
>>
>> I have serious qualms about depending on
On Tue, Feb 9, 2010 at 6:09 PM, Chris Palmer wrote:
> Letting people believe that any SSL connection is good is actually worse
> than nothing, because it creates a false sense of security.
>
> I have serious qualms about depending on CAs (the false sense of security
> they engender is even more of
I really like that Surf shows a red bar for HTTP connections and a green bar
for HTTPS connections. The trouble is, Surf has no store of CA certificates,
so can't be verifying server certificates. It is just assuming that any SSL
connection is good.
However, active network attacks are so easy to p
