lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Patch for SSL warning

From: Stef Caunter
Subject: Re: lynx-dev Patch for SSL warning
Date: Wed, 20 Nov 2002 07:04:40 -0500 
> You need to install the signing certificate from a trusted source.  If
> the college is not providing a trustworthy source for doing this they
> are encouraging bad practice for users of all browsers.

I have been unclear. The security implications of the warning speak for
themselves.
Many good and configurable browsers let you turn off this warning.
I have never seen this before in lynx/ssl and would like to disable it. I
could go back to dev8 which does not do this, but I think that putting this
warning in (which requires keystroke input! grrr...) makes the initial
browser experience (more) unpleasant, especially when combined with
INFO/ALERTSECS:3 defaults in lynx.cfg.

  Not having
> used SSL builds of Lynx, I don't know how you install one, but I suspect
> you just copy it to the appropriate directory.  For IE you would double
> click a .crt file (again taken from a trustworthy source).
>

This could be an openssl solution which could be maybe be put into lynx-docs
or somewhere helpful.

> This warning indicates that there is a prima facie case that you are not
> talking to the server that you think you are talking to.
>

Okay, but in this and many cases it simply means one is trusting a
non-commercial CA cert sent from a machine down the hall.

Stef

> ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden
>


; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]