funsec mailing list archives

Re: use condoms, that will insure less climate change


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 02 Dec 2009 14:25:48 +1300

Robert Graham wrote:

> Although my sarcasm might not show it, I think expired/self-signed certs
> are just fine (better than nothing), and that Firefox is overreacting.  ...

Whilst I agree on the first point, so long as the user understands what 
the point of the cert is, I think that FF is especially keen on 
blocking access to sites with certs from non-recognized CAs in response 
to a brief spurt of phishing sites using just that kind of cert, and 
successfully tripping up folk whose understanding of the point of certs 
and "secure" pages was "if there is a padlock it is _safe_".

That is, it was a technological response to grossly simplified (and 
thus failed) "user education"...



Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

