Re: About SSL "Trick or Treat" Dialogs

From: "Adam Schreiber" <sadam clemson edu>
To: "Owen Taylor" <otaylor redhat com>
Cc: stef memberwebs com, "desktop-devel-list gnome org" <desktop-devel-list gnome org>
Subject: Re: About SSL "Trick or Treat" Dialogs
Date: Tue, 4 Dec 2007 12:12:16 -0500

On Dec 4, 2007 11:35 AM, Owen Taylor <otaylor redhat com> wrote:
>
> On Tue, 2007-12-04 at 14:29 +0000, Stef Walter wrote:
> > Dan Winship got me thinking about the "unable to verify identify of this
> > certificate" dialogs we see in browsers when using self-signed or
> > otherwise unverifiable certificates.
> >
> > I'm sure others have come to this conclusion: These are some of the most
> > useless dialogs that exist, a major cop out. They basically asking the
> > user something they can almost never possibly know.
> >
> > I'd like to propose [1] that we do away with these dialogs in GNOME. In
> > my opinion if we cannot verify the certificate, then we should simply
> > not show the UI elements that indicate a secure connection. We should
> > just act as if the connection is like any other normal connection.
>
> Unfortunately, one of the main UI elements that indicate a secure
> connection is the https:// URL in the URL bar. Are you proposing to
> disguise that as well?

Maybe just not shade it yellow.  It will still be running over ssl
like Stef said, just not "securely".

Adam

Follow-Ups:
- Re: About SSL "Trick or Treat" Dialogs
  - From: Murray Cumming

References:
- About SSL "Trick or Treat" Dialogs
  - From: Stef Walter
- Re: About SSL "Trick or Treat" Dialogs
  - From: Owen Taylor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]