RMD 1.4.6 supports Firefox and Thunderbird versions 1.5 through 2.0.12 on Windows, OSX and Linux.

(And just a reminder that RMD will not be updated to support Firefox 3).

rmd 1.4.6 & no rmd for firefox 3

Last month I put together a 1.4.6 build of the Remember Mismatched Domains extension for Firefox and Thunderbird. This update is pretty much just a “maintenance release” making RMD more compatible with SELinux as well as fixing a couple of my usual localization screw ups. (Thanks to Josh for both pointing out the SELinux issue as well as suggesting how to solve it).

The more exciting announcement for this update is that I’m hoping version 1.4.6 will be the final release. Back in October I wrote about the new security exception features in Firefox 3 which essentially provide the functionality that RMD has been providing for the past couple of years. Since then Firefox 3 has been steadily moving through the beta stage and soon enough will be released. (Thunderbird users will be happy to hear that the same security exception features are available in the nightly builds of the still very early Thunderbird 3). What this all means in the long run is that RMD will not be available for Firefox 3. Please note that I have every intention to continue maintaining the extension for Firefox 2 for as long as it is a Mozilla supported product.

ad kalendas graecas

Today, nearly 4 years, 123 comments and 42 votes after having been opened, Mozilla bug 228684 – Remember overrides of Certificate Domain Name Mismatch was updated to Resolved.

secure connection failed – an improvement

A patch was recently checked into the Mozilla codebase that marks bug 327181 “Improve error reporting for invalid-certificate errors” as Resolved Fixed. This bug significantly changes the way Mozilla will handle invalid certificates and as a result will hopefully make RMD redundant so earlier today I played around with a nightly build of Firefox 3.0 alpha (Minefield). My impression? I think the changes, while still rough around the edges, do a pretty good job of appeasing the various sides in the bad certificate handling saga.

The first thing you’ll notice when browsing to a website that presents an invalid security certificate is that the familiar mismatched domain error dialog is no more. Instead an in-page Secure Connection Failed error is presented. Note that there is no way to temporarily accept the mismatch and visit the website:

secure connection failed

Before websites that present invalid certificates can be visited, the certificate must first be added to the new security exceptions list. The dialog for this list is intentionally buried in the Preferences / Options dialog:
Edit > Preferences > Advanced > Encryption > View Certificates > Servers > Add Exception…

Firefox - Add Security Exception

For current users of RMD I think it would be helpful to get your impressions of the changes and so I put together a little screencast of the new functionality in action. I encourage you to take a look and provide Mozilla with your feedback. Even better would be to download a recent build of Minefield and try it out for yourself.

Watch the overriding invalid certs screencast.
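The decision flow described in this post (name check, then the exceptions list, otherwise Secure Connection Failed), as an added example that is not RMD's or Firefox's own code. The host names, certificate bytes and the choice to pin each exception to a host:port pair plus a SHA-256 fingerprint are assumptions of this sketch.

```python
import hashlib


def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive name check; '*' counts only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans more than one label
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


class ExceptionStore:
    """Remembered overrides, keyed by host:port and pinned to one certificate."""

    def __init__(self):
        self._pins = {}

    def add(self, host: str, port: int, cert_der: bytes) -> None:
        self._pins[(host.lower(), port)] = fingerprint(cert_der)

    def allows(self, host: str, port: int, cert_der: bytes) -> bool:
        return self._pins.get((host.lower(), port)) == fingerprint(cert_der)


def decide(store, host, port, cert_names, cert_der) -> str:
    if any(name_matches(n, host) for n in cert_names):
        return "ok"
    if store.allows(host, port, cert_der):
        return "ok-by-exception"
    return "secure-connection-failed"   # no one-off "accept temporarily" path


# Constructed sample data: placeholder bytes stand in for DER certificates.
CERT_A = b"constructed-cert-A"
CERT_B = b"constructed-cert-B"
NAMES = ["*.provider.example"]          # hypothetical hosting provider's cert

if __name__ == "__main__":
    store = ExceptionStore()
    print(decide(store, "mail.example.org", 993, NAMES, CERT_A))
    store.add("mail.example.org", 993, CERT_A)
    print(decide(store, "mail.example.org", 993, NAMES, CERT_A))
    print(decide(store, "mail.example.org", 993, NAMES, CERT_B))
```

Because the exception is pinned to the fingerprint, a different certificate presented later for the same host fails again instead of silently inheriting the override.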

i don’t need no stinkin’ extension

RMD history buffs will probably recall that the Remember Mismatched Domains extension was born out of my red-faced frustration with constantly having to accept the domain mismatch when checking my Dreamhost hosted email.

Knowing that, you’ll appreciate how thrilled I was to see that last week Dreamhost made some changes that promised to properly resolve my domain mismatch errors once and for all. No extension required.


As I was reading through the comments on the Dreamhost post announcing the changes however, my elation soon turned to… I don’t know, I still can’t find words for how ridiculous this has all become.

The bottom line? Uninstall RMD! As of last week, if you’re using a current version of Thunderbird you can now use your Dreamhost hosted email without having to accept a domain name mismatch error each time. Just follow the “Another way to get rid of the Domain Name Mismatch error” instructions on the Dreamhost wiki. (At least until Thunderbird is updated to actually comply with the X.509 spec).

The long story? Anybody know the current measurement for irony these days? If it were still measured by the foot I’d say we have at least 10 feet of irony in this story… From my point of view here’s the lay of the land:

- I wrote an extension that works around a problem in Mozilla’s implementation of the SSL specification.

- Some of the Mozilla SSL folks feel that said extension is just plain wrong as it circumvents the SSL standard and the problem should really be solved by the owner of the SSL certificate.

- When renewing their SSL certificate, Dreamhost (who own the SSL certificate) changed things so that the mismatch is no longer presented (in current versions of Mozilla Thunderbird).

- Mozilla’s implementation of the SSL specification is wrong and should probably be changed.

- When that change is made, the changes made by Dreamhost will be in vain.

- A bunch of geeks look really intelligent but this shit is still frustrating.

The only proper reaction to all of this? Laugh. (Or if you’re in need of an excuse, drink).

