Re: About SSL "Trick or Treat" Dialogs

From: Xavier Bestel <xavier bestel free fr>
To: stef memberwebs com
Cc: "desktop-devel-list gnome org" <desktop-devel-list gnome org>
Subject: Re: About SSL "Trick or Treat" Dialogs
Date: Tue, 04 Dec 2007 20:53:44 +0100

Le mardi 04 décembre 2007 à 14:29 +0000, Stef Walter a écrit :
> Dan Winship got me thinking about the "unable to verify identify of this
> certificate" dialogs we see in browsers when using self-signed or
> otherwise unverifiable certificates.
> 
> I'm sure others have come to this conclusion: These are some of the most
> useless dialogs that exist, a major cop out. They basically asking the
> user something they can almost never possibly know.
> 
> I'd like to propose [1] that we do away with these dialogs in GNOME. In
> my opinion if we cannot verify the certificate, then we should simply
> not show the UI elements that indicate a secure connection. We should
> just act as if the connection is like any other normal connection.

Maybe some sort of non-intrusing notification would be good: some kind
of tiny message telling the user "hey, it's https but not really secure"
but without requiring a click to get rid of it.

	Xav

Follow-Ups:
- Re: About SSL "Trick or Treat" Dialogs
  - From: Stef Walter

References:
- About SSL "Trick or Treat" Dialogs
  - From: Stef Walter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]