[ocdtrekkie]

HSTS was specifically designed to block you from having any ignore buttons. (And Firefox refuses to implement a way to bypass it.)

But this is also why the current PKI mindset is insane. The warnings are never truly about a security problem, and users have correctly learned the warnings are useless. The CA/B is accomplishing absolutely nothing for security and absolutely everything for centralized control and platform instability.

[blibble]

> The CA/B is accomplishing absolutely nothing for security and absolutely everything for centralized control and platform instability.

is it their fault?

with the structure of the browser market today: you do what Google or Apple tell you to, or you're finished as a CA

the "forum" seems to be more of a puppet government

[ocdtrekkie]

The CA/B is basically some Apple and Google people plus a bunch of people who rubber stamp the Apple and Google positions. Everyone is culpable and it creates a self-fulfilling process. Everyone is the expert for their company's certificate policy so nobody can tell them it's dumb and everyone else can say they have no choice because the CA/B decided it.

Even Google and Apple from a corporate level likely have no idea what their CA/B reps are doing and would trust their expertise if asked, regardless of how many billions of dollars it is burning.

The CA/B has basically made itself accountable to nobody including itself, it has no incentives to balance practicality or measure effectiveness. It's basically a runaway train of ineffective policy and procedure.

[account42]

Any user agent worthy of the name will ignore that user-hostile part of the spec.