Re: About SSL "Trick or Treat" Dialogs

On Tue, 2007-12-04 at 14:29 +0000, Stef Walter wrote:
> Dan Winship got me thinking about the "unable to verify identify of this
> certificate" dialogs we see in browsers when using self-signed or
> otherwise unverifiable certificates.
> I'm sure others have come to this conclusion: These are some of the most
> useless dialogs that exist, a major cop out. They basically asking the
> user something they can almost never possibly know.
> I'd like to propose [1] that we do away with these dialogs in GNOME. In
> my opinion if we cannot verify the certificate, then we should simply
> not show the UI elements that indicate a secure connection. We should
> just act as if the connection is like any other normal connection.

Unfortunately, one of the main UI elements that indicate a secure 
connection is the https:// URL in the URL bar. Are you proposing to
disguise that as well? 

- Owen

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]