Main Area and Open Discussion > General Software Discussion
Using noscript to force https ssl links in firefox
f0dder:
I partially agree :)
IMHO verification is at least as important as encryption.
Perhaps self-signed certs should be allowed without hissy-fits, but there should be a clear visual distinction between self-signed and verified. Problem is that regular users would probably understand even less of that than they do now...
It's unfortunate that there's so many problems with SSL. But technical flaws aside, imho the biggest problem is the careless attitude of some of the CAs... apparently it's way too easy to do a bit of social engineering and get certs that you really shouldn't have.
PS: the security error says the cert is only valid for donationcoder.com - I assume that means it, technically, isn't valid for www.donationcoder.com ?
mouser:
gothic has it right -- and this is one of those things that FF gets very wrong..
to use a self-signed certificate in firefox, which should be a totally reasonable thing to do -- a user has to go through some pretty confusing steps that scare them every step of the way. this is a fail.
it wouldn't be so bad if the non-self-signed ssl certificate syndicate wasn't a giant money extortion racket. it's criminal how much proper wildcard ssl certificates cost.
there needs to be a way to register self-signed certificates so that they treated as trusted.. it wouldn't be so hard.. you'd just need to have someplace(s) trusted where the known owner of a site could provide a signature of the official certificate used on their site. there are so many easy ways to do this.. but i fear it's one of those things that is like free money to these companies.. they have a vested interest in basically blackmailing sites to buy these expensive certificates.
f0dder:
mouser: can't you do self-signed wildcard certs?
Anyway, since the site runs at www.donationcoder.com (and going withouyt www prefix redirects to www.doco), wouldn't it be better to make the cert for www.doco, if you can't make it for *.doco ?
mouser:
f0dder -- everything is (relatively) easy to do with self-signed certificates.
my comment was about the expense of purchasing NON-self-signed wildcard certificates.
f0dder:
f0dder -- everything is (relatively) easy to do with self-signed certificates.
my comment was about the expense of purchasing NON-self-signed wildcard certificates.
-mouser (March 31, 2009, 11:47 AM)
--- End quote ---
OK :)
I don't know what the costs are (but probably not cheap) - and I do find it unfortunate that it's such a money machine for the CAs, especially considering how little checking some of them do.
But could you (or gothic?) please make the DC cert a wildcard one, or at least make one for www.doco ? That way FF would bitch less :)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version