by atonse
3465 days ago
This theoretically seems like a good way to alert users, but what exactly would you even tell users? Most users barely understand past "make sure the padlock is there" – and many more technical users that I've observed don't even understand SSL warnings apart from "it's still SSL, make the warning go away" – so showing a prompt about something even more obscure, like static key exchange, will be lost on all but the most advanced security people. There are already plenty of ways for enterprises to get around this, like having their own CA and deploying that as a trusted CA to their machines. Then they can issue certs that their proxies could use, and their machines would just trust those certs. Why don't they just use that method?