On Wed, May 14, 2008 at 11:40 AM, Mackenzie Morgan <[EMAIL PROTECTED]> wrote:
> On Tue, 2008-05-13 at 16:24 -0400, Phillip Susi wrote:
>> No, they won't, and shouldn't. Why pay some idiot corporation an
>> extortion fee just because they bribed the browser manufacturers to
>> include their certs b
On Tue, 2008-05-13 at 16:24 -0400, Phillip Susi wrote:
> No, they won't, and shouldn't. Why pay some idiot corporation an
> extortion fee just because they bribed the browser manufacturers to
> include their certs by default? There is NO added security to having a
> paid for cert. See the sev
> The rather larger problem is that the little lock is generally presumed by
> users to mean much more than it does. Emphasizing cert validity only
> compounds the problem. As an example, after today I'd be rather more
> concerned if I didn't get an unknown cert warning from a Debian site th
On Tue, 13 May 2008 19:32:23 -0400 (EDT) [EMAIL PROTECTED] wrote:
>> No, they won't, and shouldn't. Why pay some idiot corporation an
>> extortion fee just because they bribed the browser manufacturers to
>> include their certs by default? There is NO added security to having a
>> paid for cert.
> No, they won't, and shouldn't. Why pay some idiot corporation an
> extortion fee just because they bribed the browser manufacturers to
> include their certs by default? There is NO added security to having a
> paid for cert.
In 8.04, CACert is included as a provider. CACert is free. The price
Milan Bouchet-Valat wrote:
> Notifications are never read, especially by users that are not
> passionate by computers - they're exactly like there was no message at
> all, only they annoy users: "click OK and then see if there's a problem"
> is what OS have used people to for many years. And after
CAcert doesn't even have a valid certificate?
https://www.cacert.org/
Todd
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
On Sat, 2008-05-10 at 16:08 +0200, Milan Bouchet-Valat wrote:
> Notifications are never read, especially by users that are not
> passionate by computers - they're exactly like there was no message at
> all, only they annoy users: "click OK and then see if there's a problem"
> is what OS have used
Le vendredi 09 mai 2008 à 17:02 -0400, Phillip Susi a écrit :
> Martin Pitt wrote:
> > I don't consider it a new feature, but a better UI. Firefox has always
> > complained about invalid certificates, but until version 2 it was just
> > the well-known 'SSL yadayada cannot be verified mumblemumble c
Martin Pitt wrote:
> I don't consider it a new feature, but a better UI. Firefox has always
> complained about invalid certificates, but until version 2 it was just
> the well-known 'SSL yadayada cannot be verified mumblemumble click
> here to shut me up' popup dialog, and really everyone just clic
On Thu, May 8, 2008 at 4:17 PM, Martin Pitt <[EMAIL PROTECTED]> wrote:
>
> Right, but also self-signed certificates (since they prove nothing).
They prove that you are talking to the same server you are talking to when
you first logged on. They also are sufficient to prevent passive wiretapping
a
HggdH [2008-05-07 19:34 -0500]:
> On Thu, 2008-05-08 at 00:45 +0200, Martin Pitt wrote:
>
> > This doesn't have anything to do with power users/n00bs. An invalid
> > SSL certificate isn't any better or worse depending on the type of
> > user. If a site sets up SSL with an invalid certificate, then
On Wednesday 07 May 2008 22:14, Mackenzie Morgan wrote:
> On Wed, 2008-05-07 at 22:05 -0400, Scott Kitterman wrote:
> > On Wednesday 07 May 2008 20:34, HggdH wrote:
> > > 100% with you. But it all has to start with education, not just forcing
> > > a new feature down the user's throat. For most cas
On Wed, 2008-05-07 at 22:05 -0400, Scott Kitterman wrote:
> On Wednesday 07 May 2008 20:34, HggdH wrote:
>
> > 100% with you. But it all has to start with education, not just forcing
> > a new feature down the user's throat. For most casual users, this
> > education is -- from my own experience wi
On Wednesday 07 May 2008 20:34, HggdH wrote:
> 100% with you. But it all has to start with education, not just forcing
> a new feature down the user's throat. For most casual users, this
> education is -- from my own experience with casual and theoretically
> technical users -- not easy. And I do
On Wed, 7 May 2008 17:36:54 -0600 Neal McBurnett <[EMAIL PROTECTED]>
wrote:
>On Thu, May 08, 2008 at 12:45:46AM +0200, Martin Pitt wrote:
>> Peio Ziarsolo [2008-05-07 13:03 +0200]:
>> > But for power user that know the significance of a bad certificate it's
>> > annoniying add exceptions (this mor
On Thu, 2008-05-08 at 00:45 +0200, Martin Pitt wrote:
> This doesn't have anything to do with power users/n00bs. An invalid
> SSL certificate isn't any better or worse depending on the type of
> user. If a site sets up SSL with an invalid certificate, then this
> buys the user nothing but a false
On Wed, 2008-05-07 at 17:36 -0600, Neal McBurnett wrote:
> E.g. how hard is it for folks to buy in to their own web of trust and
> get e.g. all CACert certs accepted?
>
> http://cacert.org
>
> Neal McBurnett http://mcburnett.org/neal/
As far as I am aware, Ubuntu includes CACert
On Thu, May 08, 2008 at 12:45:46AM +0200, Martin Pitt wrote:
> Peio Ziarsolo [2008-05-07 13:03 +0200]:
> > But for power user that know the significance of a bad certificate it's
> > annoniying add exceptions (this morning I have to add 3 esceptions).
>
> This doesn't have anything to do with powe
Peio Ziarsolo [2008-05-07 13:03 +0200]:
> But for power user that know the significance of a bad certificate it's
> annoniying add exceptions (this morning I have to add 3 esceptions).
This doesn't have anything to do with power users/n00bs. An invalid
SSL certificate isn't any better or worse dep
On Wed, May 07, 2008 at 10:57:24AM +0200, Alexander Sack wrote:
>
> In next firefox update the page will change a bit so users don't
> confuse it with ordinary error page anymore.
http://people.ubuntu.com/~asac/screenshots/bad_cert.png
http://people.ubuntu.com/~asac/screenshots/bad_cert2.png
Jatorrizko mezua: az., 2008-05-07 10:57 +0200, egilea: Alexander Sack
> On Wed, May 07, 2008 at 10:31:19AM +0200, Peio Ziarsolo wrote:
> > Hello everybody,
> > I have found different behaviours between firefox 2 and firefox3 when
> > they detect a bad ssl certificate.
> > Firefox 2, when detects th
On Wed, May 07, 2008 at 10:31:19AM +0200, Peio Ziarsolo wrote:
> Hello everybody,
> I have found different behaviours between firefox 2 and firefox3 when
> they detect a bad ssl certificate.
> Firefox 2, when detects the bad certificate warms you about it and give
> you the choise to carry on.
> Fi
Am Mittwoch, den 07.05.2008, 10:31 +0200 schrieb Peio Ziarsolo:
> Hello everybody,
> I have found different behaviours between firefox 2 and firefox3 when
> they detect a bad ssl certificate.
> Firefox 2, when detects the bad certificate warms you about it and give
> you the choise to carry on.
> F
Hello everybody,
I have found different behaviours between firefox 2 and firefox3 when
they detect a bad ssl certificate.
Firefox 2, when detects the bad certificate warms you about it and give
you the choise to carry on.
Firefox 3, when detects the bad certificates, it show you a error page
and do
25 matches
Mail list logo