Hey Ian,
We're getting someone else reporting something similar, but it's hard to reliably reproduce it in order to track it down. If you can add anything to the conversation, the bug's here:
https://bugzilla.mozilla.org/show_bug.cgi?id=436870
I, for instance, have had FC's cert trusted for some time without it disappearing on me.
I sort of suspect that a particular breed of bad cert is busting our exception adding code, and causing us to trash the exceptions file. It would be especially helpful to know whether the kaboom happened shortly after adding a particular cert, or after nothing in particular.
Posted by Johnathan Nightingale at June 3, 2008 05:09 PMMy feed reader refuses to use your feed because of the certificate. It would be awesome if you could provide an alternate (non-HTTPS?) URL for the feed.
By the way, I ran into the same problem with Firefox when posting this comment.
Posted by Brian Smith at June 4, 2008 08:46 AM> My feed reader refuses to use your feed because of
> the certificate. It would be awesome if you could
> provide an alternate (non-HTTPS?) URL for the feed.
I think in theory the HTTP URLs should always work just as well as the HTTPS URLs. Have you tried that?
The problem is of course that various software switches dynamically from one to the other without reference. And, it is somewhat of a security failure to permit that ...
> By the way, I ran into the same problem with Firefox
> when posting this comment.
Um, you mean, while posting the comments, it switched across to HTTPS so that your Firefox started grumbling over the cert? Yes, there is a preference in some of the HTML to send future clicks across to the HTTPS. See above.
What to do? The only comprehensive answers that work always are to (a) abandon HTTPS completely or to (b) pay the browser tax and buy the verisign thing.
Given the amount of "security" the browser tax purchases, (a) is the only economically sane choice. Which damns HTTPS for security work....
Posted by Iang at June 5, 2008 01:41 PM