Presumptuous Browsers

It’s a bit of a mixed blessing, but it can be a tad irritating when a company decides what’s best for me without my consultation.  To some extent, we opt in, either through conscious choice or implied by purchases; and in so doing, we are putting our trust in the companies we choose.  But there’s a fine line and it’s easy to cross.

For example, given the ongoing drama surrounding internet encryption standards and certificates, a certain trend has developed in which browser vendors have leaned towards becoming a tad…snarky with their judgments.  For example:

This connection most certainly is secure, to which the browser will even attest upon closer examination:

Large cipher block, perfect forward secrecy, current protocol version, large hash bit size.  This is an excellently secure encrypted connection.

However

Without authentication doth not exist security, irrespective of the level of encryption.  And since the certificate for this site is self-signed (due to a lack of practical alternative options–since it’s my edgerouter), the browser cannot effectively authenticate the source of the encrypted connection.  Therefore, said encryption is useless if one cannot confirm to whom they are communicating.

Except…

I know the certificate and server are legit, and have accepted the certificate as de facto trusted and indicated such to my browser.  Yet the browser has the audacity to assert that the connection is not secure despite this.

It’s a step too far I say!  I angrily shake my fist at the monitor and log in anyway.  Fuck you!

–Simon