- From: Henry S. Thompson <ht@inf.ed.ac.uk>
- Date: Mon, 19 Jan 2015 09:56:46 +0000
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Henri Sivonen <hsivonen@hsivonen.fi>, Chris Palmer <palmer@google.com>, Noah Mendelsohn <nrm@arcanedomain.com>, "Michael[tm] Smith" <mike@w3.org>, Tim Berners-Lee <timbl@w3.org>, Public TAG List <www-tag@w3.org>
Mark Nottingham writes:
> To the latter point -- I still find it remarkable that this is
> extremely common practice:
> http://ist.mit.edu/certificates
> ... and the OS/browser UX doesn't warn the user of the power granted
> by doing so (last I checked).
I'll bite -- what _should_ the UX say? That is, what _is_ the risk
(and what is the alternative that MIT should be using)?
The alternative an entity not a million miles away from my desk
uses is to just self-sign and expect us to click through the resulting
warnings. . .
ht
--
Henry S. Thompson, School of Informatics, University of Edinburgh
10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 650-4587, e-mail: ht@inf.ed.ac.uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail from me _always_ has a .sig like this -- mail without it is forged spam]
Received on Monday, 19 January 2015 09:57:30 UTC