[Edbrowse-dev] novs

[Edbrowse-dev] novs

[Karl Dahlke]

No reason to keep nocert any more,
in fact I forgot it was there at all,
but it does remind us that we really needed to address this in some fashion.

Karl Dahlke

Re: [Edbrowse-dev] novs

[Adam Thompson]

[-- Attachment #1: Type: text/plain, Size: 1251 bytes --]

On Fri, Sep 05, 2014 at 09:37:12AM -0700, Chris Brannon wrote:
> Karl Dahlke <eklhad@comcast.net> writes:
> 
> > Would it help to have a novs directive in the config file,
> > somewhat like nojs?

Plus 1 from me.

> I like it.  From a security standpoint, using novs for unimportant sites
> that you can prove are broken is better than the vs toggle.  The vs
> toggle is all-or-nothing.  I'm very forgetful.  If I turn it off to
> visit some site with a self-signed cert, odds are good that I'll forget
> to reenable it once I'm done with that site.  I'm probably not the only
> one.  I'd also argue for a novs command that could be entered from
> edbrowse's command mode.

Same here, I often use it then forget to switch verification back on.
Rather than a novs command, I'd rather have the novs configuration directive
and a command to reload the config file (possibly without running the init
function) without restarting the browser.
There's been a number of times I've wanted to do this, nojs, proxy settings,
adding functions which I then want to run  etc. Obviously this is a big feature potentially,
but I think it'd be worth doing.  I'd be willing to invest some time in this if anyone else wants it.

Cheers,
Adam.

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: [Edbrowse-dev] novs

[Chris Brannon]

Karl Dahlke <eklhad@comcast.net> writes:

> Would it help to have a novs directive in the config file,
> somewhat like nojs?

I like it.  From a security standpoint, using novs for unimportant sites
that you can prove are broken is better than the vs toggle.  The vs
toggle is all-or-nothing.  I'm very forgetful.  If I turn it off to
visit some site with a self-signed cert, odds are good that I'll forget
to reenable it once I'm done with that site.  I'm probably not the only
one.  I'd also argue for a novs command that could be entered from
edbrowse's command mode.
I'd be willing to work on this stuff if you lack time.

-- Chris

[Edbrowse-dev] novs

[Karl Dahlke]

A suggestion from a user.
Would it help to have a novs directive in the config file,
somewhat like nojs?
This would indicate the websites that do not have certificates,
so you don't have to type vs when you go to them.
Standard browsers do this, you click ok
and then they remember that this site doesn't have a certificate,
and they don't show you the warning message next time.
So there is precedent for this feature.

Karl Dahlke