On Nov 21, 2014, at 1:00 AM, Michael Richardson <[email protected]> wrote: > Nobody said that unauthenticated TLS should show a "lock"
Unfortunately I think more people notice "https://"; than the lock. Although perhaps I think that because I am a geek who knows what https:// means, and regular folk actually do look at the lock icon. In any case, I think that a cert signed by this free CA does the job, because it is not a self-signed cert: there would presumably be an independent verification step, even if that step is only to show that the person getting the cert actually has control over the domain. Of course, if that is the test that is used, this sort of cert is no better than a DANE cert. I guess the one advantage is that it doesn't require DNSSEC. _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
