On 8 Jan 2013 at 17:06, Jeffrey Walton wrote: > > https://www203.americanexpress.com > That's not too egregious (though its bad). What frustrates me is when > they send you to a different domain for the authentication or a > transaction. I won't add sites to the trusted base just because a web > master thought it was a good idea.
Similar thing for me: One of my accounts is with StellarOne bank. Main site is not HTTPS nor redirects. But when you put in your account ID you get sent to netteller.com with a certificate owned by Jack Henry and Associates, Inc. I called the bank to ask about that and they said that that's OK -- "Jack Henry", whoever that is, handles their online banking machinery so it is a legit redirect. But it sure was disconcerting... /Bernie\ -- Bernie Cosell Fantasy Farm Fibers mailto:[email protected] Pearisburg, VA --> Too many people, too few sheep <-- _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
