(In reply to comment #187)
> This is really not the place to advertize for your company.
> As a reminder, Gerv wrote a very detailed post on his blog some time ago:
> http://www.gerv.net/security/self-signed-certs/
Uh, if Security = Encryption * Authentication, then is it a valid bug to note that Firefox fails to display a nasty banner every time a user browses a site that doesn't use SSL? In theory that is just as dangerous as a site that uses SSL with an untrusted certificate.
Don't get me wrong - I'm fine with informing the user about the security of a website, but it seems wrong to me that a site that uses no encryption or authentication at all is treated as perfectly safe when a site that uses strong encryption but a questionable form of authentication is treated as being extremely dangerous.