@jasonrobinson Another certificate authority is not a new technology.
Just to clarify again:
This is not about pods using CACert certificates, which is possible anyhow. It’s about allowing interpod-communication (federation) with pods using CACert-certificates.
Still totally against this. Anything that makes it likely that some users will not see some posts or will get security popups will just help to kill Diaspora* and make it just another geeky hackerspace.
@jasonrobinson Actually at the moment users will not see posts from users on CACert-pods. And referring to @jonnehass embedding content from CACert pods will not provoke popups! - So I don’t see your point!?
Can someone explain why there will not be a warning given to user for posts coming from a pod without a “valid” cert? In terms that even I can understand. Maybe we have no votes who just don’t understand the issue.
I think the current problem with Firefox 23 not allowing HTTP-content in an HTTPS page is a great example for what we risk: a broken stream. Imagine a user accepted CaCert authority in his desktop browser. Then he uses his mobile and see that there are missing images (they are linked directly from the origin pod), but have no idea why. We don’t want that, so what should we do? Warn him it’s because he didn’t add cacert authority? Then explain him how to do that? On a mobile browser, not obvious. I’m almost even sure that you can’t with the default browser.
We have to avoid creating different behaviors depending on the user configuration. It’s the game of the web, have the same rendering in every platform…
Yes, that is expected. But the point is that for the large majority there won’t be any popups. On my list of things to include in the explanation when mentioning that CACert would be a possibility was the fact that remote people won’t see the images, I was very aware of that from the start.
So what is the conclusion? If this motion passes and the implementation is done correctly, the ONLY effect is that some people will not see images from pods with CACert?
My version of Opera is the last one before they shifted to Webkit, which might explain the difference. I think a fair few people decided not to upgrade at that point, so there are probably others who use older versions.
Well 12.14 only came out 6 months ago, so isn’t really old… but I’ve just discovered there is now a 12.16, which came out last month, so have updated to that, and still get the warnings.
I’m keen not to move up to 15 because I like Opera with the Presto engine, and have read that Webkit is causing issues so would rather not upgrade further. As I say, it seems as though a fair number of Opera users feel the same.
I’m sorry, “the majority won’t see security popups” isn’t good enough for me. Dolphin/Android browsers are very popular and missing photos confuses people too. I don’t have a mobile apple device to test their very popular browser. If it can be demonstrated that no users will get warnings, I will change my vote.
I think we have a big problem. I tested the default Android browser that comes with 4.2.2 (CyanogenMod, but prob no different?) - and two popups are generated.
Android being the most popular mobile operating system around I really don’t think we should do this now. Rather when the situation changes, we should adapt. If we start accepting cacerts now and the situation gets worse - we cannot go back and have locked D* into a popup heaven.
Other browsers I tested (on Ubuntu) are Firefox 23, Chromium 28, Midori 0.4.3 and Epiphany 3.6.1 - no popups in any of those but also of course no images shown.
Of course we could filter out posts from the stream based on user agent but that is getting a bit hacky.
I’m sad that I had to vote no on this. Having CACert as a valid CA would have been perfect for my usecase, which is hosting a private pod on a subdomain without giving big money to snakeoily CAs. But as the system is set up right now, we can’t do anything about the content that the user receives directly from the CACert-certified pods, and they most probably would get error messages or warnings. If images would be proxied through the users own pod, this might be viable, so maybe this should be implemented.