Slashdot Mirror


Firefox SSL-Certificate Debate Rages On

BobB-nw points out the ever more raucous debate over the way Firefox 3 handles self-signed certificates. The scary browser warnings have affected a number of legitimate sites (such as Google AdWords and LinkedIn) that didn't renew certs in time. Lauren Weinstein loudly called attention to the problem early in July. "If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show that page at all. Instead it will display an error message... To get past this error page, users have to go through four different steps before they can access the website, which from a usability standpoint is far from ideal. This way of handling websites with expired or self-signed SSL certificates is bound to scare away a lot of inexperienced users, no matter how legitimate the website is."

2 of 733 comments

  1. Extortion and SSL certificates by jolyonr · Score: 0, Offtopic

    Ok. $150 a year might not be extortion in your mind for a few lines of bytes and very little, if any, actual verification of who you are.

    I'll assume for the moment that $150 a year is good value for money.

    But why the HELL do they charge an absolute FORTUNE for wildcard SSL certificates (*.mydomain.com)? Is it any extra work for them?

    No. Pure profiteering.

    Jolyon

    --
    Please read my Canon EOS tech blog at http://www.everyothershot.com
  2. Re:Worth it. by itpr15061 · Score: 0, Offtopic

    No kidding.

    Clearly it is nobody but LinkedIn's responsibility to keep their cert up to date. Getting a warning about an expired cert is the whole point.

    It's been interesting to see security and certificates come full circle. A while back we heard about how the "padlock" wouldn't appear if you were using frames and not every frame on the page was encrypted (I'm not talking about Firefox specifically here) and users needed to see that padlock in order to be safe. Security was important! Now users can't be bothered that a message appears telling them that things aren't right. Security is an inconvenience!

    There is no way to appease both camps, so we might as well leave the folks thinking it's inconvenient in the cold. At least then we have some security.