Given, c) it is apparently easily bypassed for SSL phishing (c.f., Shmoo), I would say that the padlock only represents your "low assurance" grade.
Do not use the Shmoo Group IDN exploit as an example of "being easily bypassed". The community has reacted very strongly to this problem for a reason; I don't think you will see many IDN exploits in the future, because the browsers are going to lock things down on a per-TLD basis so each TLD has to convince them (or a trusted third party, perhaps) that they have sufficient anti-homograph policies in place.
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
