On 12/11/2010 10:28 PM, MFPA wrote: >> You authenticate Amazon by >> checking their SSL cert and seeing that it was issued >> by a trusted authority. > > Or do I just notice the padlock icon and the yellow addressbar > indicating an encrypted connection?
The two are generally synonymous. Whether a user *should* trust the same CAs as their browser vendor is a very good question -- however, the fact is the overwhelming majority of users *do*. If the browser says "a trusted CA certifies this site is for real," the user is going to believe it. > To me, the page where payment details are entered does not look much > like an example of "no user requirement to authenticate the identity > of the server, but rather a simple requirement to prevent snooping." Can't please everybody. If it was an involved process the vast majority of users wouldn't bother. Instead, it's just a "check for a padlock and a yellow address bar."
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
