C. D. Rok wrote:
> Ram0502 wrote:
> > ...Trust and security are native concepts to people
> > while cryptography is not so if I were developing software that used
> > cryptography to help improve user security I would use natural
> > constructs to present security decisions and hide to the greatest
> > extent possible the underlying science.
>
> That layer used to hide the science is a Petri dish on which the
> exploits breed.

I agree. Though it's not always the weak point. The RSA implementation
in NSS has never IIRC been found to be a failure point in the wild. I'm
not saying they're perfect, just that it's not worth attacking as it's not
a practical weak point. I think overall there are UI lackings that have
greater impact on web client security than the quality of the RSA or
SSL implementations in the NSS (or CAPI) stack do.

I'm not always convinced when dealing with car repair that I got an
accurate assessment or a fair price, I depend on reputations as reported
by people I know and journalists and my own experiences and instincts;
I think this is the nature of the compromise we make when we decide to
pay others to do things for us.

_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
