Dave Crocker wrote in <f648073f-7953-4b64-99f2-642d4eddf...@dcrocker.net>: |On 2/5/2024 2:08 PM, Jim Fenton wrote: |> On 5 Feb 2024, at 14:02, Dave Crocker wrote: |>> On 2/5/2024 1:56 PM, Jim Fenton wrote: ...
..because that makes me sad over and over again.. | <https://techxplore.com/tags/cross+section/> of 528 web users This is a laughable number. Mind you, we had shampoos where they advertised that the thirteen (13!) test persons reported positive things. ... |https://theconversation.com/the-vast-majority-of-us-have-no-idea-what-th\ |e-padlock-icon-on-our-internet-browser-is-and-its-putting-us-at-risk-216581 This has turned into a piece of dirt kicking shit, anti-russian, silence otherwise, scientists happy to travel to southern seas for their profession, low quality articles announced with big headlines. Maybe, of the "six human parasites you definitely don't want to host", that thing is one of them. Really. "Why weightlifting is beneficial before and after the menopause"? I won't get that hot! Many years. Now finished. (Btw i am currently listening to The Lamb Lies Down On Broadway of Genesis, and also: good luck, King Charles!, to save good Brits.) |https://www.sciencealert.com/theres-a-tiny-icon-on-your-screen-but-almos\ |t-nobody-knows-why Ok. The problem with this, in my opinion, is that you and they refer to URLs waved through because the certificate is valid according to the installed CA pool. |https://www.theverge.com/2023/5/3/23709498/google-chrome-lock-icon-web-b\ |rowser-https-security-update-redesign | |https://www.howtogeek.com/890033/google-chrome-is-ditching-the-lock-icon\ |-for-websites/ I have chrome for android (ach i wish i would have a normal linux with console applications for telephone and SMS, on a fairly-produced pinephone or so; i got that one donated on top of my decade old Nokia that is not smart. I want to point that out), and i can tell you how *noisy* that thing gets for certificates that are NOT part of the CA pool. It is an annoying mess! The problem is that people get artificially torn apart. You know, even if you look (and some graphicals give on-mouse- over title boxes) you see things like Baltimore CyberTrust Root, QuoVadis Root CA 2, Go Daddy Root Certificate Authority - G2, to name a few. Ah ya. I feel absolutely secure now. Someone paid for trust. It would be different if we would throw away all that mess, including complicated (imho) DANE, or even more complicated mess (imho), and step to simple things like DKIM's published public certificate (or only fingerprint), DNS query (chain) for the (sub+) domain(s), load the certificate, and then users can have the clear indication via relation of domain and certificate. Maybe, in such a scenario, the lock symbol as such makes sense. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim