On Tue, 2007-12-04 at 13:45 -0500, Pat Suwalski wrote:
> Owen Taylor wrote:
> > If you are connecting on an insecure network (say coffee shop wireless)
> > then a https connection to an untrusted certificate is a distinctly weak
> > form of security.
> >
> > It tells you that you have a encrypted connection to *somebody*.
>
> That is correct, of course. It is, however, more secure than an open
> connection. Case in point, on my mail server, which I know I connected
> to properly on my wired network, and which I told Thunderbird to
> remember, is not signed by a trusted authority and looks different by
> host name on an outside network.
>
> When I connect to it from outside, my password is still not traveling
> through the net in plain text.
>
> Whether by broken design or broken economics, there will always be a lot
> of certificates that cannot be authenticated against a CA.
>
> Yes, the security is weakened, but there still needs to be something
> informing the user that their data isn't flying through the air in clear
> text.
The right way to do this is to go to an advanced settings dialog
somewhere and add your self-signed certificate.
Then:
A) you'll be able to connect to your mail server from an insecure
network
B) you don't further break the https ecosystem
To put it bluntly, users do not want to become experts in gradiations of
"how secure is this connection". And we should not go around adding
those gradiations to handle cases most users will never see.
- Owen
Attachment:
signature.asc
Description: This is a digitally signed message part