On Tue, Sep 13, 2011 at 10:48 AM, Steven Bellovin <s...@cs.columbia.edu> wrote:
> Furthermore, > they're probably right; most of the certificate errors I've > seen over the years were from ordinary carelessness or errors, > rather than an attack; clicking "OK" is *precisely* the right > thing to do. Is anyone aware of any up-to-date data on this btw? I've had discussions with the browser makers and they have some data, but I wonder whether anyone else has any data at scale of how often users really do run into cert warnings these days. They used to be quite common, but other than 1 or 2 sites I visit regularly that I know ave self-signed certs, I *never* run into cert warnings anymore. BTW, I'm excluding "mixed content" warnings from this for the moment because they are a different but related issue. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography