Am 09.12.2014 um 21:47 schrieb Bruno Wolff III:
On Tue, Dec 09, 2014 at 20:35:35 +0100, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:Am 09.12.2014 um 20:20 schrieb Bruno Wolff III:There should be a way to disable FF's you need to click twice to accept certs that are not signed by authorities it recognizes.why?Because I have no trust in any of the cert authorities
me too
but want to have encrypted sessions to prevent passive snooping
me toobut i want to least have a hint if i access a known site which previously did not have a cert warning and now has because by all problems with the CA stuff it's a strong indication something stinks
what you completly ignore is the fact with the current warnings of firefox after accept the self signed cert it no longer wanns *but* if that cert changes it warns again
without that you can throw away your whole encryption as long as you don't know the complete infarstructure invloved and the target domain singned with DNSSEC
security is not that easy and sadly won't never became that easythat he connection is encrypted is nice but without know the other side is the expected server completly worthless - i made a experiment in the company network by redirect facebook to our own server - it don't take long to get passwords
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
