Re: [dev] Surf assumes all SSL connections are good, which is bad

2010-02-11 Thread Chris Palmer
David Thiel writes:

> the least, just check an environment variable for a certificate store, and
> if it's there, verify and turn the status bar green. Otherwise, it stays
> red.

Agreed. And +1 for trying a TOFU-only experiment; that could be exciting.

Re: [dev] Surf assumes all SSL connections are good, which is bad

2010-02-10 Thread David Thiel
On 02/09/10 23:54, Alexander Surma wrote:

> Well, the connection is definitely encrypted. Regardless of a man in
> the middle or not ;)
> However - I see your point.
> My suggestion would be, that we allow yet another userscript to handle
> this. I for one do not care for verifying certificates. Bu

Re: [dev] Surf assumes all SSL connections are good, which is bad

2010-02-09 Thread Alexander Surma
Well, the connection is definitely encrypted. Regardless of a man in the middle or not ;) However - I see your point. My suggestion would be, that we allow yet another userscript to handle this. I for one do not care for verifying certificates. But for those who do, some kind of interface would be

Re: [dev] Surf assumes all SSL connections are good, which is bad

2010-02-09 Thread David E. Thiel
On Tue, Feb 09, 2010 at 06:56:39PM -0500, Kurt H Maier wrote:

> SSL can do two things:
>
> 1) provide site-to-site encryption

Without certificate verification in some form, you have no way of knowing that. Your connection could be decrypted and re-encrypted by any number of parties along the way

Re: [dev] Surf assumes all SSL connections are good, which is bad

2010-02-09 Thread Antoni Grzymala
On Tue, 9 Feb 2010 18:56:39 -0500, Kurt H Maier wrote:

> On Tue, Feb 9, 2010 at 6:09 PM, Chris Palmer
> wrote:
>> Letting people believe that any SSL connection is good is actually worse
>> than nothing, because it creates a false sense of security.
>>
>> I have serious qualms about depending on

Re: [dev] Surf assumes all SSL connections are good, which is bad

2010-02-09 Thread Kurt H Maier
On Tue, Feb 9, 2010 at 6:09 PM, Chris Palmer wrote:

> Letting people believe that any SSL connection is good is actually worse
> than nothing, because it creates a false sense of security.
>
> I have serious qualms about depending on CAs (the false sense of security
> they engender is even more of