Re: PKI too confusing to prevent phishing, part 28

2005-09-27 Thread John Levine
In article [EMAIL PROTECTED] you write: http://www.informationweek.com/story/showArticle.jhtml?articleID=171200010 Summary: some phishes are going to SSL-secured sites that offer up their own self-signed cert. Users see the warning and say I've seen that dialog box before, no problem, and

Re: PKI too confusing to prevent phishing, part 28

2005-09-27 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Jerrold Leichter writes: Talking about users as being able only to hold one bit continues an unfortunate attitude that, if only users weren't so dumb/careless/whatever, we wouldn't have all these security problems. This is an important point. When *many* people

Re: PKI too confusing to prevent phishing, part 28

2005-09-27 Thread Bill Frantz
On 9/25/05, [EMAIL PROTECTED] (Paul Hoffman) wrote: http://www.informationweek.com/story/showArticle.jhtml?articleID=171200010 Summary: some phishes are going to SSL-secured sites that offer up their own self-signed cert. Users see the warning and say I've seen that dialog box before, no

continuity of identity

2005-09-27 Thread John Denker
Jerrold Leichter mentioned that: a self-signed cert is better than no cert at all: At least it can be used in an SSH-like continuity of identity scheme. I agree there is considerable merit to a continuity of identity scheme. But there are ways the idea can be improved. So let's discuss