* Peter Eisentraut (peter_e@gmx.net) wrote:
> The new firefox just says "invalid certificate" and nothing else, and the=
n=20
> somewhere below there is a small link to "Add an exception" and you need =
a=20
> total of four clicks to proceed. So that looks a lot like that they are=
=20
> moving away from easily allowing unverifyable server certificates as well.
Yes, it's extremely obnoxious and hasn't actually changed anything. We
often use certificates at work for internal web sites that aren't signed
by the santified CAs simply because it's not worth it. That causes
problems for our users when they're going to sites that are about a
billion times less likely to have been cracked into than Joe's crab shop
out on the internet. Encouraging people to believe that the PKI that's
currently being used for the web is actually meaningful is really the
first mistake.
Stephen