[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Disabling the warning for self signed certificates in Tor Browser

Am 2014-04-22 08:54, schrieb Georg Koppen:
> antispam06@xxxxxxx:
>> Could Tor Browser kill or minimize the warning triggered by entering a
>> site with a self signed certificate?
> Killing is not a good idea. What do you mean with "minimize"?
> Georg
I've wanted that for browsers too. Don't kill it, but notify
("non-blocking") that you should manually verify a checksum (bonus: just
display the sha1 directly).

You should check a checksum manually either way. Contious web services
post the sha1 of a new certificate (or offer to send it via sms or
whatever) and offer you to check it manually. Although it's signed by
some CA.

Self-signing is not at all less secure, quite often the opposite is true.

I'd *love* a firefox-notification (just like "plugin is missing") that
just reads the sha1 of the certificate in big letters.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to