Stuart Ballard wrote:
> 
> Ronald van Kuijk wrote:
> >
> > Ben Bucksch wrote:
> > >
> > >We just shouldn't imply that because you sprinkle magic crypto dust on
> > >an e-mail, that it is automatically genuine. People still need to use
> > >their brain, or they will lose sometimes.
> > >
> > That's just the problem. So many people currently don't use their brain
> > and will do it even less if they get flooded by self-signed certificates.
> 
> Are you (and Ben) seriously suggesting that an encrypted message sent to
> a self-signed key belonging to even a naive user is *no more secure*
> than a plaintext email?

I think the point that Ronald and Ben addressed was that if the user
gets flooded by self-signed certificates it will not be possible to
make him validate a certificate properly later at all. It's just a
matter of humans getting used to bad habits. One has to consider
this when designing a UI.

Ciao, Michael.
