SeaMonkey Trunk Tracker

Thursday, October 11, 2007

Simplification and Complication

While the fixes for Bug 315871 and Bug 60513 allow for exporting (SSL/TLS) certificates and copy strings from alert windows, Bug 327181 marks a turning point in the treatment of (SSL/TLS) certificates that are either expired, contain a mismatching hostname or have been issued by an untrusted signing CA. Unlike IE7, which shows a warning messages but allows the user to proceed, the new Mozilla behaviour (shared by Firefox and SeaMonkey) is to completely block sites having such issues. With the current implementation, the average user is given no chance to proceed or even investigate the offending certificate. Only advanced users will find that it is still possible to add CA certificates (like the one from CAcert) to the internal certificate store (make them 'known') and mark them as trusted.

Update: Johnathan Nightingale posted an interesting comment on the issue at hand, talking about the reasons that led to the decision that something had to be changed and the possible improvements to the current situation.

Labels: ,


Post a Comment

<< Home