On 19 Dec 2000, Eric Rescorla wrote:

> Erwann ABALEA <[EMAIL PROTECTED]> writes:
> > Software could be written to help solve this problem, for example to not
> > allow any connection from an untrusted host, instead of asking the customer
> > if he's knowledgeable enough to accept the risks of accepting something
> > that could be potentially insecure... ;-)
> This turns out not to work in practice.
> 
> Internet Explorer used to do exactly what you suggest but was
> eventually changed under pressure from customers. The problem 
> is that in most cases where the certificate is wrong it's a simple
> configuration error. Users hate being denied the ability to
> connect to such sites.

Well... What I propose works. Security is always something that
"presses" the users. If these users don't want to be stressed by security,
then the level of security is lowered, by allowing the user to do dumb
things, like accepting an untrusted certificate.

NB: the random signature below is really random ;-)

-- 
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
------
Computers can never replace human stupidity.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
