Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox SSL-Certificate Debate Rages On

Posted by kdawson on from the four-screens-i-mean-really dept.

BobB-nw points out the ever more raucous debate over the way Firefox 3 handles self-signed certificates. The scary browser warnings have affected a number of legitimate sites (such as Google AdWords and LinkedIn) that didn't renew certs in time. Lauren Weinstein loudly called attention to the problem early in July. "If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show that page at all. Instead it will display an error message... To get past this error page, users have to go through four different steps before they can access the website, which from a usability standpoint is far from ideal. This way of handling websites with expired or self-signed SSL certificates is bound to scare away a lot of inexperienced users, no matter how legitimate the website is."

7 of 733 comments (clear)

  1. Worth it. by Shaitan+Apistos · · Score: 5, Funny

    As long as I get my awesome bar, I'll put up with anything.

    1. Re:Worth it. by the_B0fh · · Score: 2, Funny

      http:\\????

      So that you can always spot a windows user, I guess.

    2. Re:Worth it. by Dishevel · · Score: 2, Funny

      Ehh. The color blind coding coalition will release a Firefox plug in within a week that will solve the issues for the color "Challenged". :)

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    3. Re:Worth it. by Sloppy · · Score: 2, Funny

      If only there were some way that a computer could communication information to a user in monochrome.. I don't know, using words or icons or something. But the chances of anyone inventing that are slim, and whoever does it, will then have it patented for the next 20 years. Bummer. :(

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  2. Re:That's the point. by Anonymous Coward · · Score: 5, Funny

    Didn't scare me away. I just bought a laptop from neweggs.com for a fantastic price, and their cert was expired. They even added a second layer of security for credit card transactions, requesting my SSN and driver's license. I can appreciate that level of trust from a website.

  3. Oh my god. by Vexorian · · Score: 3, Funny

    What the heck is wrong with mozilla? Everybody knows convenience of web developers is more important than actually making the whole SSL stuff worth it. Who cares if allowing sites to sign their own certificates makes the whole SSL thing extremely pointless? What's important here is the webmasters' comfort.

    --

    Copyright infringement is "piracy" in the same way DRM is "consumer rape"
  4. Re:Cancel or Allow? by Anonymous Coward · · Score: 1, Funny

    The personal computer really isn't a toaster (yet).

    I run NetBSD, you insensitive clod!