Re: firefox and bad ssl certificates

2008-05-13 Thread Zak B. Elep
On Wed, May 14, 2008 at 11:40 AM, Mackenzie Morgan <[EMAIL PROTECTED]> wrote: > On Tue, 2008-05-13 at 16:24 -0400, Phillip Susi wrote: >> No, they won't, and shouldn't. Why pay some idiot corporation an >> extortion fee just because they bribed the browser manufacturers to >> include their certs b

Re: firefox and bad ssl certificates

2008-05-13 Thread Mackenzie Morgan
On Tue, 2008-05-13 at 16:24 -0400, Phillip Susi wrote: > No, they won't, and shouldn't. Why pay some idiot corporation an > extortion fee just because they bribed the browser manufacturers to > include their certs by default? There is NO added security to having a > paid for cert. See the sev

Re: firefox and bad ssl certificates

2008-05-13 Thread HggdH
> The rather larger problem is that the little lock is generally presumed by > users to mean much more than it does. Emphasizing cert validity only > compounds the problem. As an example, after today I'd be rather more > concerned if I didn't get an unknown cert warning from a Debian site th

Re: firefox and bad ssl certificates

2008-05-13 Thread Scott Kitterman
On Tue, 13 May 2008 19:32:23 -0400 (EDT) [EMAIL PROTECTED] wrote: >> No, they won't, and shouldn't. Why pay some idiot corporation an >> extortion fee just because they bribed the browser manufacturers to >> include their certs by default? There is NO added security to having a >> paid for cert.

Re: firefox and bad ssl certificates

2008-05-13 Thread ffm
> No, they won't, and shouldn't. Why pay some idiot corporation an > extortion fee just because they bribed the browser manufacturers to > include their certs by default? There is NO added security to having a > paid for cert. In 8.04, CACert is included as a provider. CACert is free. The price

Re: firefox and bad ssl certificates

2008-05-13 Thread Phillip Susi
Milan Bouchet-Valat wrote: > Notifications are never read, especially by users that are not > passionate by computers - they're exactly like there was no message at > all, only they annoy users: "click OK and then see if there's a problem" > is what OS have used people to for many years. And after

Re: firefox and bad ssl certificates

2008-05-10 Thread Todd Deshane
CAcert doesn't even have a valid certificate? https://www.cacert.org/ Todd

Re: firefox and bad ssl certificates

2008-05-10 Thread HggdH
On Sat, 2008-05-10 at 16:08 +0200, Milan Bouchet-Valat wrote: > Notifications are never read, especially by users that are not > passionate by computers - they're exactly like there was no message at > all, only they annoy users: "click OK and then see if there's a problem" > is what OS have used

Re: firefox and bad ssl certificates

2008-05-10 Thread Milan Bouchet-Valat
On Friday 09 May 2008 at 17:02 -0400, Phillip Susi wrote: > Martin Pitt wrote: > > I don't consider it a new feature, but a better UI. Firefox has always > > complained about invalid certificates, but until version 2 it was just > > the well-known 'SSL yadayada cannot be verified mumblemumble c

Re: firefox and bad ssl certificates

2008-05-09 Thread Phillip Susi
Martin Pitt wrote: > I don't consider it a new feature, but a better UI. Firefox has always > complained about invalid certificates, but until version 2 it was just > the well-known 'SSL yadayada cannot be verified mumblemumble click > here to shut me up' popup dialog, and really everyone just clic

Re: firefox and bad ssl certificates

2008-05-08 Thread John McCabe-Dansted
On Thu, May 8, 2008 at 4:17 PM, Martin Pitt <[EMAIL PROTECTED]> wrote: > > Right, but also self-signed certificates (since they prove nothing). They prove that you are talking to the same server you are talking to when you first logged on. They also are sufficient to prevent passive wiretapping a

Re: firefox and bad ssl certificates

2008-05-08 Thread Martin Pitt
HggdH [2008-05-07 19:34 -0500]: > On Thu, 2008-05-08 at 00:45 +0200, Martin Pitt wrote: > > > This doesn't have anything to do with power users/n00bs. An invalid > > SSL certificate isn't any better or worse depending on the type of > > user. If a site sets up SSL with an invalid certificate, then

Re: firefox and bad ssl certificates

2008-05-07 Thread Scott Kitterman
On Wednesday 07 May 2008 22:14, Mackenzie Morgan wrote: > On Wed, 2008-05-07 at 22:05 -0400, Scott Kitterman wrote: > > On Wednesday 07 May 2008 20:34, HggdH wrote: > > > 100% with you. But it all has to start with education, not just forcing > > > a new feature down the user's throat. For most cas

Re: firefox and bad ssl certificates

2008-05-07 Thread Mackenzie Morgan
On Wed, 2008-05-07 at 22:05 -0400, Scott Kitterman wrote: > On Wednesday 07 May 2008 20:34, HggdH wrote: > > > 100% with you. But it all has to start with education, not just forcing > > a new feature down the user's throat. For most casual users, this > > education is -- from my own experience wi

Re: firefox and bad ssl certificates

2008-05-07 Thread Scott Kitterman
On Wednesday 07 May 2008 20:34, HggdH wrote: > 100% with you. But it all has to start with education, not just forcing > a new feature down the user's throat. For most casual users, this > education is -- from my own experience with casual and theoretically > technical users -- not easy. And I do

Re: firefox and bad ssl certificates

2008-05-07 Thread Scott Kitterman
On Wed, 7 May 2008 17:36:54 -0600 Neal McBurnett <[EMAIL PROTECTED]> wrote: >On Thu, May 08, 2008 at 12:45:46AM +0200, Martin Pitt wrote: >> Peio Ziarsolo [2008-05-07 13:03 +0200]: >> > But for power user that know the significance of a bad certificate it's >> > annoying add exceptions (this mor

Re: firefox and bad ssl certificates

2008-05-07 Thread HggdH
On Thu, 2008-05-08 at 00:45 +0200, Martin Pitt wrote: > This doesn't have anything to do with power users/n00bs. An invalid > SSL certificate isn't any better or worse depending on the type of > user. If a site sets up SSL with an invalid certificate, then this > buys the user nothing but a false

Re: firefox and bad ssl certificates

2008-05-07 Thread Mackenzie Morgan
On Wed, 2008-05-07 at 17:36 -0600, Neal McBurnett wrote: > E.g. how hard is it for folks to buy in to their own web of trust and > get e.g. all CACert certs accepted? > > http://cacert.org > > Neal McBurnett http://mcburnett.org/neal/ As far as I am aware, Ubuntu includes CACert

Re: firefox and bad ssl certificates

2008-05-07 Thread Neal McBurnett
On Thu, May 08, 2008 at 12:45:46AM +0200, Martin Pitt wrote: > Peio Ziarsolo [2008-05-07 13:03 +0200]: > > But for power user that know the significance of a bad certificate it's > > annoying add exceptions (this morning I have to add 3 exceptions). > > This doesn't have anything to do with powe

Re: firefox and bad ssl certificates

2008-05-07 Thread Martin Pitt
Peio Ziarsolo [2008-05-07 13:03 +0200]: > But for power user that know the significance of a bad certificate it's > annoying add exceptions (this morning I have to add 3 exceptions). This doesn't have anything to do with power users/n00bs. An invalid SSL certificate isn't any better or worse dep

Re: firefox and bad ssl certificates

2008-05-07 Thread Alexander Sack
On Wed, May 07, 2008 at 10:57:24AM +0200, Alexander Sack wrote: > > In next firefox update the page will change a bit so users don't > confuse it with ordinary error page anymore. http://people.ubuntu.com/~asac/screenshots/bad_cert.png http://people.ubuntu.com/~asac/screenshots/bad_cert2.png

Re: firefox and bad ssl certificates

2008-05-07 Thread Peio Ziarsolo
Original message: Wed., 2008-05-07 10:57 +0200, author: Alexander Sack > On Wed, May 07, 2008 at 10:31:19AM +0200, Peio Ziarsolo wrote: > > Hello everybody, > > I have found different behaviours between firefox 2 and firefox3 when > > they detect a bad ssl certificate. > > Firefox 2, when detects th

Re: firefox and bad ssl certificates

2008-05-07 Thread Alexander Sack
On Wed, May 07, 2008 at 10:31:19AM +0200, Peio Ziarsolo wrote: > Hello everybody, > I have found different behaviours between firefox 2 and firefox3 when > they detect a bad ssl certificate. > Firefox 2, when detects the bad certificate warns you about it and give > you the choice to carry on. > Fi

Re: firefox and bad ssl certificates

2008-05-07 Thread Sebastian Breier
On Wednesday, 07.05.2008, 10:31 +0200, Peio Ziarsolo wrote: > Hello everybody, > I have found different behaviours between firefox 2 and firefox3 when > they detect a bad ssl certificate. > Firefox 2, when detects the bad certificate warns you about it and give > you the choice to carry on. > F

firefox and bad ssl certificates

2008-05-07 Thread Peio Ziarsolo
Hello everybody, I have found different behaviours between firefox 2 and firefox3 when they detect a bad ssl certificate. Firefox 2, when detects the bad certificate warns you about it and give you the choice to carry on. Firefox 3, when detects the bad certificates, it show you an error page and do