[tor-talk] Disabling the warning for self signed certificates in Tor Browser
Martin Kepplinger
martink at posteo.de
Wed Apr 23 07:46:44 UTC 2014
Am 2014-04-22 08:54, schrieb Georg Koppen:
> antispam06 at sent.at:
>> Could Tor Browser kill or minimize the warning triggered by entering a
>> site with a self signed certificate?
>
> Killing is not a good idea. What do you mean with "minimize"?
>
> Georg
>
>
>
>
I've wanted that for browsers too. Don't kill it, but notify
("non-blocking") that you should manually verify a checksum (bonus: just
display the sha1 directly).
You should check a checksum manually either way. Contious web services
post the sha1 of a new certificate (or offer to send it via sms or
whatever) and offer you to check it manually. Although it's signed by
some CA.
Self-signing is not at all less secure, quite often the opposite is true.
I'd *love* a firefox-notification (just like "plugin is missing") that
just reads the sha1 of the certificate in big letters.
More information about the tor-talk
mailing list