If a site's cert is signed by a locally-added CA, the browser should display a prominent warning and the name of the CA.
-
New conversation
-
-
-
@richfelker IMO that would cover most legit use cases of local CAs, and allow browser vendors to treat other ones as dangerous. -
@bmastenbrook Yes, but just making it clear to the user that the source of trust is a locally-installed CA would be even more helpful. -
@richfelker don't disagree; I'm just pointing out that the current situation is also bad for legitimate local CA uses too -
@bmastenbrook Ah, yes, I agree completely then.
End of conversation
New conversation -
-
-
@richfelker it would be really nice if I could add a CA that was restricted to a particular domain... and exclude other CAs for that domain.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.