List of known security holes in KDE's SSL implementation and HTTPS support in
Konqueror.
-----------------------------------------------------------------------------


1)  Pages containing mixed SSL and non-SSL elements are not detected currently.
  This means that a malicious site could embed parts of a valid site inside
an invalid site and trick the browser into thinking that the whole site is
valid.  This is incomplete code.


2)  Autocompletion in form fields in HTTPS mode will result in various fields
such as pin numbers and possibly credit cards or other sensitive information
being silently written to disk in some cases.


3)  Certificate revocation lists (CRLs) are not implemented.  This should be
done after 2.2.


4)  The full SSL certificate chain is not being displayed for chain-verified
sites.  The check is still being done but the user cannot see the chain of
authentication.  This was not done yet due to message freeze.



