Yes, I'd say that is the issue. Bear in mind that
this is *not* happening now as it is too easy to
attack without using SSL at all.
Indeed. There has to be a minimum level of user education - that's unavoidable. What we are trying in Firefox is to get people to look at the status bar. Currently, the UI to look at is the lock and the domain name. In the future, there may need to be a little more, but we should keep the amount to a bare minimum.
The name of the game is to force the phishers into using SSL, in which case the obvious attack is for phishers to acquire amaz0n.com as a cert issued by noname.com.
Indeed. Once people are checking for SSL and glancing at domain names, at least, this will be where the phishers move.
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
