Re: [Evolution] SSL certificates and Man in the Middle attacks

2012-09-10 Thread Pete Biggs
However, I've been told that the Certificate Authorities system is fundamentally flawed, in the sense that CAs don't communicate with each other, any of them can sign for any domain name, and I've been told some CAs are quite un-trustworthy. This is a scary prospect. Are you saying that a

Re: [Evolution] SSL certificates and Man in the Middle attacks

2012-09-10 Thread Bastien Durel
On Sunday, 09 September 2012 at 22:40 -0400, Jeff Fortin wrote: Hi there, As far as I can tell, Evolution uses a default set of SSL certificate authorities. [...] Will the user get (I hope) a big scary SOMETHING IS VERY WRONG warning like SSH does when server fingerprints don't match?

Re: [Evolution] SSL certificates and Man in the Middle attacks

2012-09-10 Thread Andre Klapper
On Mon, 2012-09-10 at 10:26 +0200, Bastien Durel wrote: As users (mostly) ignore security warnings[1], it should be useless, IMHO. Nice, didn't know that paper. I normally point to http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf page 5 as another quick explanation of the effect of such

Re: [Evolution] SSL certificates and Man in the Middle attacks

2012-09-10 Thread Adam Tauno Williams
On Mon, 2012-09-10 at 10:26 +0200, Bastien Durel wrote: On Sunday, 09 September 2012 at 22:40 -0400, Jeff Fortin wrote: As users (mostly) ignore security warnings[1], it should be useless, IMHO. SSH does not target the same users as browsers or mail readers, so users are more likely to