Am 19.04.2014 09:58, schrieb Stephan von Krawczynski:
On Sat, 19 Apr 2014 09:40:07 +0200 Reindl Harald h.reindl@thelounge.net wrote:
it is working, it is working as good as it can and if you compare the costs of 130 € for 3 years with support calls because self signed certificates and do a *real harm* by train ordinary users to ignore warnings just guess which way works
honestly if i connect to a server owned by a company coming with a self-signed certificate without got told so before i get alarmed that they may not be trustworthy because if they save the little money for the cert i may assume they save money on other important things too
Honestly, with your awareness of "as good as it can" wouldn't it be fair to tell people that they spend millions all over the planet for something that is not working? How can you expect the situation to get any better if you cover the problem by buying certs only for the reason to avoid warnings that are useless anyways?
how can you expect it get's better by self signed certificates and train users to "ignore warnings because they are useless"
you can do that for your pet's homepage where you know any visitor in person but not for the world
what you achieve is they ignore all other warnings too because guys like you told them "warnings are useless"
You know things go wrong and still do support it. I think one should have learned in the after-Snowden-era where this leads to
and where does it lead to trigger warnings all over the planet and train people to ignore them? in case of a mailserver that's not a real big problem because they amount of users is limited
on a public website it is insane to present a browser warning as welcome message
if there is a working replacement, widely supported by client-software and useable or the ordinary enduser - fine - let us adopt it - until that does not exist you are talking bullshit
well, i have an offer for you: you pay the support calls caused by certificate warnings, you pay also the harm of other ignored warnings as result of train monkeys, you go out and make *every* enduser to a tech person understand certificates and SSL before and after that we all start to drop CA certificates
deal?