Heikki Toivonen wrote:
Duane wrote:
In the end they decided to try it and now they enter the website address
of their bank each time (they don't use bookmarks or click on links in
emails) to make sure they connect to the right site each time. So
So for them the current SSL model is actually enough.
No the current model is seriously flawed and they have to put a lot more
effort in to prevent mistakes (and that isn't to say as humans they
won't make a mistake and slip up!)
We have computers capable of billions of calculations a second that can
easily tell them if they're going to the wrong site instead they have to
exert a lot of effort to guess the same thing.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
"I do not try to dance better than anyone else.
I only try to dance better than myself."
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
