Mark Nottingham writes: > To the latter point -- I still find it remarkable that this is > extremely common practice: > http://ist.mit.edu/certificates > ... and the OS/browser UX doesn't warn the user of the power granted > by doing so (last I checked). I'll bite -- what _should_ the UX say? That is, what _is_ the risk (and what is the alternative that MIT should be using)? The alternative an entity not a million miles away from my desk uses is to just self-sign and expect us to click through the resulting warnings. . . ht -- Henry S. Thompson, School of Informatics, University of Edinburgh 10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440 Fax: (44) 131 650-4587, e-mail: ht@inf.ed.ac.uk URL: http://www.ltg.ed.ac.uk/~ht/ [mail from me _always_ has a .sig like this -- mail without it is forged spam]Received on Monday, 19 January 2015 09:57:30 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:09 UTC