It not a website that provide a context in this topic.
It is about CD, the fact it provides a choice when DV-SSL webpages are involved but none if a plugin rely on DV-SSL connection (such plugin won’t work)
Much more striking is that a plugin making an http connection to a 3rd party site would not have been seemingly blocked nor notified to the user. ???
http connections cannot be assumed to rely on any type of certificate and they would share similar consideration as far CD plug-in support goes.
I have previously asked for suggestions on how you all would like to be notified that a plugin/extension is using a DV cert, but it got partially ignored. DV certs are evil, evil, evil.
Melih: Simple solution: Acquire WOT and get it a EV cert
I don’t have access to the Dragon code, but as far as I can see only DV warnings are present in Dragon. (Only available via a browser session, not behind the scene) There are no other notifications to my knowledge
Knowing and agreeing with Melih on DV certs, I don’t foresee an exclusion list getting added. It defeats the purpose of the DV warning. However, making this list function like Firefox’s “Add Exception” for SSL certificates, might work as this would mean the user EXPLICITLY trusts the site.
What Endymion suggests is the simplest approach, but yes you would have to be able to manage (at least remove) exceptions. IT also seems to me that OV certs should receive warnings as well - maybe this would be optional.
A more selective approach would be to (have the option of) warning only when the user tries to post or otherwise send data?
Indeed and what I meant is that I thought firefox approach was not my suggestion whenever I was asking informations to understand how much it matched my earliest hopes about a foreseeable evolution of CD.
Whenever new features will be implemented with a degree of reconfigurability this would be also relevant to increase user compliance and CD adoption whereas deal-breaker limitations (eg loss of functionality) would be reduced or nullified.
I guess we should all distil our best ideas into the wishlist item? This issue is a classic example of something that appears as a bug to the user, but as a wishlist item to the developer
Though I wish so, I’m not sure how much feasible is warning about silent 3rd party connection made by extensions.
The best way would allow the user to be aware to what sites an extension connects-to so the extension is limited to these sites alone.
But it is not unlikely that an extension might attempt connection to different sites at different times whereas the user might not approve/consent some of those sites.
Other than wishing for a possible solution to the above I would be fine to get all extensions to work (even if it means to allow extension to rely on DV-SSL connections)
If the the design is seemingly meant to notify (and let user choose if block) about DV-SSL then I wish the design will be consistently extended to extensions.
Though I feel difficult to generalize over what is not a bug considering this topic outline a loss of functionality (silent blocking of extensions using DV_SSL) over vanilla chromium.
Whereas vanilla chromium can be considered a legitimate reference, CD undoubtedly also provides new useful features and functionalities (eg DV-SSL notification for webpages).
