

Is the Mozilla FireFox 3 SSL policy bad for the web? - lmacvittie
http://devcentral.f5.com/weblogs/macvittie/archive/2008/08/05/3516.aspx

======
jodrellblank
I'm not at all for it. It's bloody annoying.

So many firewalls and routers and lights out cards and remote access
controllers and other misc. network kit - firefox 3 is tripping over itself to
get in my way as much as possible.

On another note, Windows mobile does this about Exchange Activesync
connections, and some carriers force you to edit the registry to allow self
signed certificates, then make you install the certificate.

It was such a breath of fresh air when the iPhone just said "Trust this site?
Yes / No", I clicked "Yes" and that was it.

The real problem is that it's no more secure. It's IN MY FACE, but the result
is not me comparing hashes and generating trusted certificates and bringing
the devices back to this office and connecting by console to install the
certificates over a known a trusted connection (because trusting the site,
then installing a certificate is not secure if the site is already subject to
a man in the middle attack)... I still skip over it, but now I hate firefox
because of it as well.

And if the end result isn't more security, and is more annoying, then it's not
a good solution.

