Re: [tor-talk] Disabling the warning for self signed certificates in Tor Browser

Georg Koppen:
> antispam06@xxxxxxx:
>> Could Tor Browser kill or minimize the warning triggered by entering a
>> site with a self signed certificate?
> Killing is not a good idea. What do you mean with "minimize"?

A self-signed certificate is better than no certificate. Given the
trouble with a CA, it might be just as good as a CA certificate.

Anyway, This Connection is Untrusted. Good. The Aholes from Firefox
never bothered to write the same warning about plain HTTP connections.
Ain't it funny? I know at least a dozen sites that do password
authentication through HTTP. Are they any better?

And I can't just browse the site after that warning. I can go to
disney.com with "Get me out of here".

Then there is that user-friendly "Technical Details" which would make
any granny click and get her glasses on 'cuz it's time to check the
signatures. Maybe for you, the tech guys, that means something to be
thankful for being so easy to reach. I don't think that the Iranian
dissident or the Turkish journalist would feel the same next time.

I click "I understand the risks". And nothing. I acknowledged the risk.
Yet the browser won't let me proceed. So you have two extra paragraphs
of curses. If they were so interesting, why aren't they on the first page?

So finally I can add an exception. Which I have to confirm.

Why not something like the NoScript banner/warning?

Why not the same curses on ANY unencrypted page, or at least those that
present the user with a password field?

I checked that with Autistici.org. They have a wonderful AES 256bit key.
All my online banking is done over RC4 128bit at best. That is as strong
as Wikipedia! Autistici.org does generate that need for three extra
pointless clicks. Any of my banking sites generates nothing. Any of the
sites and forums that do authenticate through HTTP generate nothing.

Sure it sounds like a conspiracy. But why feed the dangerous game of the
CAs? Why does free software have to fill the pockets of these
companies? Why kick the sites that do care about their users in the
teeth unless they pay for the CA ransom?

