[HTTPS-Everywhere] CA requirement
Peter Eckersley
pde at eff.org
Fri May 24 09:34:34 PDT 2013
We could do much more to work around cert warnings (perhaps not self-signed
ones, but a more likely example would be cases like Akamai certs for sites'
CDN domains) if this API were
implemented:
https://bugzilla.mozilla.org/show_bug.cgi?id=644640
Frustratingly, I think that about a year or so back someone pointed me to a
hack we might be able to use to work around this problem even without a proper
API, but I can no longer find that code example.
On Fri, May 24, 2013 at 05:38:09PM +1000, oneofthem wrote:
> Why doesn't https everywhere include sites that use self signed certs?
> Its not like having a CA signed cert makes a site more secure.
>
>
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere
>
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-everywhere
mailing list