[HTTPS-Everywhere] CA requirement

Seth Schoen schoen at eff.org
Fri May 24 09:10:01 PDT 2013


oneofthem writes:

> Why doesn't https everywhere include sites that use self signed certs?
> It's not like having a CA signed cert makes a site more secure.

If we include such rules and make them active by default, they'll cause
certificate error warnings in users' browsers which the users would not
otherwise have encountered.  This would make some users annoyed with
HTTPS Everywhere and perhaps tend to train users to ignore these warnings.

If you don't want these warnings to be displayed, you should get in
touch with the browser developers. :-)  For example, you could ask them
about their support for use of DANE to authenticate TLS keys outside of
the certificate authority system.

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107



