On Tue, Apr 27, 2010 at 04:59:55PM -0500, Bruno Wolff III wrote:
> On Tue, Apr 27, 2010 at 17:55:39 -0400,
>   Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> wrote:
> >
> > Epiphany is a non-starter. In the default configuration, it doesn't
> > validate SSL certificates at all (bug 569577). An unbranded Mozilla
> > browser would be a much better choice.
>
> The way Firefox does it, is more to help companies sell certificates than to
> actually help security.

Agreed. I did recently look into the list of CAs trusted by Firefox, it looks
bad. There are CAs from countries all over the world. I would say that 99% of
users do not need a CA from some mid-eastern or far-eastern countries. But each
and every one of these can give a forged certificate for anything that will be
gladly accepted by Firefox.

To me the security model of Firefox appears too permissive. I have seen online
banks which do include page elements, even JavaScript, from third-party servers,
different domains and certificates. Yet there is one URL shown and the user is
led to believe everything is certified by the same authority.

Richard

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
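The last point in the message above, that a page shown under one URL can load elements from other hosts, can be checked for any saved page. The following is an added example, not part of the original thread: it lists every origin other than the page's own that serves a subresource. The tag list, the function names and the sample page with its `.example` hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags checked here, and the attribute naming the fetched resource (assumed set).
SUBRESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)

class SubresourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # (tag, absolute URL) for every subresource seen

    def handle_starttag(self, tag, attrs):
        wanted = SUBRESOURCE_ATTRS.get(tag)
        value = dict(attrs).get(wanted) if wanted else None
        if value:
            # Resolve relative and scheme-relative references against the page URL.
            self.found.append((tag, urljoin(self.page_url, value)))

def third_party_resources(page_url, html):
    """Map each origin that differs from the page's own to the tags loaded from it."""
    collector = SubresourceCollector(page_url)
    collector.feed(html)
    page_origin = origin(page_url)
    result = {}
    for tag, url in collector.found:
        o = origin(url)
        if o != page_origin:
            result.setdefault(o, []).append(tag)
    return result

# Constructed sample page; all hosts are hypothetical.
SAMPLE_URL = "https://bank.example/login"
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.stats.example/track.js"></script>
<link rel="stylesheet" href="//styles.example/site.css">
<img src="http://img.example/logo.png">
<iframe src="https://bank.example:443/frame"></iframe>
"""

if __name__ == "__main__":
    for (scheme, host, port), tags in third_party_resources(SAMPLE_URL, SAMPLE_HTML).items():
        print(f"{scheme}://{host}:{port} loads: {', '.join(tags)}")
```

Each origin in the output is covered by its own certificate and trust decision, none of which appears in the address bar; the `http` entry is fetched with no certificate check at all.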