On 05/18/2010 02:48 PM, From Gervase Markham:
On 17/05/10 23:16, Robert Relyea wrote:
A more telling quote is:
"For example, much of the
advice concerning passwords is outdated and does little
to address actual threats, and fully 100% of certificate
error warnings appear to be false positives."
Although he now admits that last half-sentence was "a little
provocative":
http://weblogs.mozillazine.org/gerv/archives/2009/12/certificate_errors.html
"I completely agree that even 100% false positives doesn’t mean we can
get rid of the technology."
Isn't this actually a sign that the technology works? I mean, 100% false
positives means literally 100% success.
Obviously it would be desirable to reduce certificate errors and today
it's far easier to get rid of them then in the past. It's mostly due to
missing knowledge, laziness or stubbornness, but has little to do how
browsers treat such errors.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
