On 31/03/11 09:59, Bernhard Reiter wrote:
> On Friday, 25 March 2011 17:36:51, Werner Koch wrote:
>> Of course I assume that the user won't go over the list of root CAs and
>> delete almost all of them. Hardly anybody does that.
> People have to be encouraged to do this and helped
> with lists and tools. It will raise the security bar a bit
> on this suboptimal system.

Not if the system also includes the human who needed the help.
If they need the help then they can't manage or understand trust
and don't know how to respond to the untrusted warning messages they are
more likely to get having made the change.
If they aren't going to get any additional untrusted warning messages
then it won't make any difference what you do.
If they do get the messages it will be in response to sites that they
want to use. The change won't help them assess the validity of the site
certificate, and may increase their chance of being deceived.
So you've changed the system, but it is hard to show that you have made
it more secure.
Sam
_______________________________________________
Discussion mailing list
[email protected]
https://mail.fsfeurope.org/mailman/listinfo/discussion