Comments: Mozilla nears formal policy on new CAs

Ian,

It seems to be that the SSL function is potentially useful but the CA nonsense is a disaster. The disaster is the result of trying to make it all transparent to the user and place ultimate trust in an "authority".

Now it may well be that most users cannot be expected to mess around with certs and stuff. But couldn't the browser have a simple button which the user could poke when he is viewing an https page that he thinks is legitimate? And then thereafter the browser would accept that cert as the valid one for that site (or whatever) and warn the user if it is not present.

Every user his own certificate authority! Given all the pitfalls of this, wouldn't it be an improvement?

Best,

CCS

Posted by CCS at February 6, 2005 06:19 PM

I wish! That's a button we'd all love. The problem is there is a widespread belief that the user does not know their own sites and they cannot be permitted to be part of the security decision. This derives from the resistance to popup warnings full of technospeak that they've quite rightly rejected over the years.

Posted by Iang at February 6, 2005 06:22 PM
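
The button CCS describes amounts to pinning the certificate a user has accepted for a site and warning when a different one shows up later. A sketch of that check, added here as an illustration and not code from the post or from any browser; `PinStore`, the JSON pin file and the `shop.example` host are assumptions, and the certificate bytes are constructed stand-ins.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


class PinStore:
    """Certificate pins the user has explicitly accepted, keyed by host name."""
    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    @staticmethod
    def fingerprint(der_cert: bytes) -> str:
        # A real client would pass ssl.SSLSocket.getpeercert(binary_form=True).
        return hashlib.sha256(der_cert).hexdigest()

    def accept(self, host: str, der_cert: bytes) -> None:
        """The 'button': the user vouches for the cert now shown for host."""
        self.pins[host.lower()] = self.fingerprint(der_cert)
        self.path.write_text(json.dumps(self.pins, indent=2))

    def check(self, host: str, der_cert: bytes) -> str:
        """Return 'unpinned', 'match' or 'mismatch' for this connection."""
        pinned = self.pins.get(host.lower())
        if pinned is None:
            return "unpinned"  # nothing accepted yet: no warning, no assurance
        if hmac.compare_digest(pinned, self.fingerprint(der_cert)):
            return "match"
        # Also reached on a legitimate renewal, so the warning needs a re-accept path.
        return "mismatch"


def demo():
    """Run the accept/check cycle on constructed stand-in certificate bytes."""
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "pins.json"
        store = PinStore(path)
        first = store.check("shop.example", cert_a)
        store.accept("shop.example", cert_a)
        later = PinStore(path).check("Shop.Example", cert_a)  # new session, same file
        swapped = PinStore(path).check("shop.example", cert_b)
    return first, later, swapped


if __name__ == "__main__":
    print(demo())
```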