Linked by Thom Holwerda on Fri 29th Aug 2008 13:23 UTC, submitted by irbis
Mozilla & Gecko clones
Firefox 3.0, released not too long ago, was generally well-received. It added a load of new features, while also providing much-needed speed improvements and better memory management. Some new features, however, have met more resistance - one of them is the rather complicated user interface thrown at users when they reach a website with an invalid or expired SSL certificate.
Thread beginning with comment 328893
RE: Everyone is missing the point
by JoHa on Tue 2nd Sep 2008 08:50 UTC in reply to "Everyone is missing the point"

I just encountered FF's new process for the first time, and at first glance it did seem a bit clunky, but it wasn't any problem for me to step through and add an exception. Now, I was adding an exception for my own webmail system, but the extra steps made me think twice about doing it, even for that. I certainly applaud FF for making me think twice!

For regular users who have no clue about how SSL works, it's essential that they not just get the old one-screen click-thru. Users are way too conditioned to click through error messages and warnings that read like gobbledygook to them.

People need to understand that it's very easy to spoof or man-in-the-middle a site with an invalid cert or self-signed cert. They're worse than no cert in some ways, because they provide the illusion of security. Hackers stealing credentials usually set up bogus OWA, webmail, intra/extranet and hotspot login pages, the very thing lazy IT admins don't bother configuring a real cert for.

If you're running a serious ecommerce business, then you'll buy a Verisign cert and pay out the nose, but there are plenty of cheap options for other folks. If you're IT admin for a large number of internal systems and don't want to pay for certs, like a university, the *right* thing to do is just to make yourself a CA.

Reply Parent Score: 1
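
The difference the comment above draws between a self-signed certificate and one issued by your own CA can be checked with `openssl`. This is an added example, not part of the original comment; the hostname, the CA name and all file names are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example (constructed): private CA vs. self-signed look-alike.
# HOST, the CA name and every file name below are hypothetical.
HOST="webmail.example.internal"

build_demo() {   # usage: build_demo DIR
    d="$1"
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # 1. Root key and certificate: the one file clients install as trusted.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Internal CA" -keyout "$d/ca.key" -out "$d/ca.crt" \
        2>/dev/null || return 1
    # 2. Server key and signing request for the internal host.
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$HOST" -keyout "$d/server.key" -out "$d/server.csr" \
        2>/dev/null || return 1
    # 3. The CA signs the request, binding the hostname through a SAN entry.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$HOST" > "$d/leaf.ext"
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 90 -extfile "$d/leaf.ext" -out "$d/server.crt" \
        2>/dev/null || return 1
    # 4. A self-signed certificate for the same name: anyone can mint one.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=$HOST" -keyout "$d/selfsigned.key" -out "$d/selfsigned.crt" \
        2>/dev/null || return 1
}

# Succeeds only if CERT chains to DIR/ca.crt. usage: trusted_by_ca DIR CERT
trusted_by_ca() {
    openssl verify -CAfile "$1/ca.crt" "$2" 2>/dev/null | grep -q ': OK$'
}

# Run the comparison in a scratch directory.
d=$(mktemp -d) && build_demo "$d" || exit 1
for c in server selfsigned; do
    if trusted_by_ca "$d" "$d/$c.crt"; then echo "$c.crt: trusted"; else echo "$c.crt: NOT trusted"; fi
done
rm -rf "$d"
```

Clients that have installed `ca.crt` accept every certificate the CA issues without a per-site exception, while the self-signed certificate for the same hostname still fails verification.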