Re: Mozilla tool to self-verify HTTPS site

2003-07-02 Thread Ian Grigg
Marc Branchaud wrote: Ian Grigg wrote: Tying the certificate into the core crypto protocol seems to be a poor design choice; outsourcing any certification to a higher layer seems to work much better out in the field. I'll reserve judgement about the significance of SSLBar, but I

Re: Mozilla tool to self-verify HTTPS site

2003-06-30 Thread Marc Branchaud
Ian Grigg wrote: Tying the certificate into the core crypto protocol seems to be a poor design choice; outsourcing any certification to a higher layer seems to work much better out in the field. I'll reserve judgement about the significance of SSLBar, but I couldn't agree more with the above

Mozilla tool to self-verify HTTPS site

2003-06-24 Thread Ian Grigg
http://sslbar.metropipe.net/ Fantastic news: coders are starting to work on the failed security model of secure browsing and improve it where it matters, in the browser. This plugin for Mozilla shows the SSL certificate's fingerprint on the web browser's toolbar. It's a small step for the

Re: Mozilla tool to self-verify HTTPS site

2003-06-24 Thread Victor . Duchovni
On Tue, 24 Jun 2003, Ian Grigg wrote: http://sslbar.metropipe.net/ Fantastic news: coders are starting to work on the failed security model of secure browsing and improve it where it matters, in the browser. This plugin for Mozilla shows the SSL certificate's fingerprint on the web

Re: Mozilla tool to self-verify HTTPS site

2003-06-24 Thread Ian Grigg
[EMAIL PROTECTED] wrote: How many users can remember MD5 checksums??? If they were rendered into something pronounceable via S/Key like dictionaries it might be more useful... You forgot this bit: It's a small step for the user, but a giant leap for userland security. It means that