[tor-talk] Disabling the warning for self signed certificates in Tor Browser

Juan juan.g71 at gmail.com
Wed Apr 23 22:25:33 UTC 2014


On Wed, 23 Apr 2014 09:07:02 +0000
antispam06 at sent.at wrote:

> Georg Koppen:
> > antispam06 at sent.at:
> >> Could Tor Browser kill or minimize the warning triggered by
> >> entering a site with a self signed certificate?
> > Killing is not a good idea. What do you mean with "minimize"?
> 
> A self-signed certificate is better than no certificate. Given the
> trouble with a CA, it might be just as good as a CA certificate.


	Or better? The certificates handed by the US government through
	its cronies are compromised. A self signed
	certificate from an honest provider, less so.


	

> 
> Anyway, This Connection is Untrusted. Good. The Aholes from Firefox
> never bothered to write the same warning about plain HTTP connections.
> Ain't it funny? I know at least a dozen sites that do password
> authentication through HTTP. Are they any better?
> 
> And I can't just browse the site after that warning. I can go to
> disney.com with "Get me out of here".
> 
> Then there is that user friendly "Technical Details" which would make
> any granny click and get her glasses on 'cuz it's time to check the
> signatures. Maybe for you, the tech guys, that means something to be
> thankful for being so easy to reach. I don't think that the Iranian
> dissident or the Turkish journalist would feel the same next time.
> 
> I click I understand the risks. And nothing. I acknowledged the risk.
> Yet the browser won't let me proceed. So you have two extra paragraphs
> of curses. If they were so interesting, why aren't they on the first
> page?
> 
> So finally I can add an exception. Which I have to confirm.
> 
> Why not something like the NoScript banner/warning?
> 
> Why not the same curses on ANY unencrypted page, or at least those
> that present the user with a password field?
> 
> I checked that with Autistici.org. They have a wonderful AES 256bit
> key. All my online banking is done over RC4 128bit at best. That is
> as strong as Wikipedia! Autistici.org does generate that need for
> three extra pointless clicks. Any of my banking sites generates
> nothing. Any of the sites and forums that do authenticate through
> HTTP generate nothing.
> 
> Sure it sounds like a conspiracy. But why feed the dangerous game of
> the CAs? Why does the free software have to fill the pockets of these
> companies? Why kick the sites that do care about their users in the
> teeth unless they pay for the CA ransom?
> 


