Linked by Thom Holwerda on Fri 29th Aug 2008 13:23 UTC, submitted by irbis
Mozilla & Gecko clones Firefox 3.0, released not too long ago, was generally well-received. It added a load of new features, while also providing much-needed speed improvements and better memory management. Some new features, however, have met more resistance - one of them is the rather complicated user interface thrown at users when they reach a website with an invalid or expired SSL certificate.
Permalink for comment 328552
To read all comments associated with this story, please click here.
intangible
Member since:
2005-07-06

My solution:
Two separate warnings:
1. Invalid or expired certificates: always bad... like current behavior
2. Self-signed or unknown certificate authorities: allow a simpler way to accept cert on first visit to a site (with some explanation about how only encryption is enabled but no identity verification has been done), but keep track whenever a site's certificate has changed on subsequent visits and show warning about man-in-middle attacks.

Easy!

Edited 2008-08-29 23:41 UTC

Reply Parent Score: 3