Re: Browser security warning

Michael(tm) Smith wrote:
> It's going to be very hard for any browser to provide information
> about the problem without mentioning the word "certificate".

Maybe hard, but I think worth trying.

> How would you suggest the browser could make an ordinary user
> understand what a certificate is so that the user can take action
> when encountering this case (a site with a self-signed cert for
> which no browser is going to have a root certificate)?
> 
> Or do you think browsers should not even bother trying to warn
> users about sites with self-signed certs? (That is, just treat
> them as they would an unsecure site without any cert.)

1st N times perhaps. If the user continues to access that site and
the same server key is used, then at some point the browser might
indicate that fact to the user.

S.

Received on Friday, 22 December 2006 13:28:07 UTC