> I think it will be confusing to use a different ID for the software to
> detect a changed certificate and another for a human.

No. The human is never involved in the check for a changed certificate. The human is only ever asked if *this* certificate, right now, is the current certificate they expect from the server. They are different things, and one is fairly much transparent to the user anyway.

To be honest though, there's a limit to how much I can bring myself to care about this use case. By the time we're presenting a cert to the user in *any* form for manual acceptance, 99% of the time the game is already lost. The user is just going to click "yes" without doing any check at all.

If you want security you *need* to install the CA and make the cert validate properly. Manually accepting the cert is going to be unsafe but at least we can help *later* connections by spotting when it changes.

-- 
dwmw2
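The two separate questions the reply distinguishes, as an added example that is not code from this thread or from the project being discussed: the software-side check ("is this the same certificate the user previously accepted for this host?") runs on every connection and never involves the human, while the human is only asked about the certificate in front of them when no pin exists yet. The certificates here are constructed placeholder byte strings standing in for DER, and the host name, `PinStore` class and `connect` helper are assumptions made for illustration.

```python
"""Trust-on-first-use certificate pinning with change detection.

Two distinct checks:
  1. Software check: compare the fingerprint of the presented certificate
     with the one recorded for this host. No human involved.
  2. Human decision: only when there is no recorded pin, ask whether *this*
     certificate is accepted right now.

Certificates are treated as opaque DER byte strings. The samples below are
constructed placeholders, not real certificates.
"""
import hashlib
from typing import Dict

# Constructed sample "certificates" (arbitrary bytes standing in for DER).
CERT_V1 = b"-- constructed DER bytes for vpn.example.test, cert 1 --"
CERT_V2 = b"-- constructed DER bytes for vpn.example.test, cert 2 --"


def fingerprint(der: bytes) -> str:
    """Machine identifier for a certificate: SHA-256 over the DER encoding.

    This is what the software compares on later connections; the user is
    never required to read or compare it.
    """
    return "sha256:" + hashlib.sha256(der).hexdigest()


class PinStore:
    """Per-host record of the fingerprint the user explicitly accepted."""

    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}

    def status(self, host: str, der: bytes) -> str:
        """Software-side check, no human involved.

        Returns:
          "unknown" - no pin for this host yet; the human must decide.
          "match"   - same certificate as previously accepted.
          "changed" - different certificate than the accepted one; this is
                      the case the pin exists to catch.
        """
        pinned = self._pins.get(host)
        if pinned is None:
            return "unknown"
        return "match" if pinned == fingerprint(der) else "changed"

    def accept(self, host: str, der: bytes) -> None:
        """Record that the human explicitly accepted *this* certificate."""
        self._pins[host] = fingerprint(der)


def connect(store: PinStore, host: str, der: bytes, human_accepts: bool) -> str:
    """One connection attempt.

    `human_accepts` models the user's answer to the acceptance prompt; it is
    consulted only when the pin check cannot decide on its own.
    """
    status = store.status(host, der)
    if status == "match":
        return "connected"
    if status == "changed":
        # Design choice for this example: a changed certificate after prior
        # acceptance is not turned into another "click yes" prompt. The user
        # would have to clear the stored pin deliberately to accept it.
        return "rejected: certificate changed"
    # status == "unknown": first contact with this host, ask the human.
    if human_accepts:
        store.accept(host, der)
        return "connected (pinned after acceptance)"
    return "rejected: not accepted"


if __name__ == "__main__":
    store = PinStore()
    host = "vpn.example.test"
    print(connect(store, host, CERT_V1, human_accepts=True))   # first contact, accepted and pinned
    print(connect(store, host, CERT_V1, human_accepts=False))  # same cert, no prompt needed
    print(connect(store, host, CERT_V2, human_accepts=True))   # different cert, flagged by the pin
```

The manual-acceptance prompt only ever runs for a host with no stored pin; once a pin exists, the comparison is entirely mechanical, which is what lets a later connection spot a changed certificate even though the original acceptance was an unverified click.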