Evidence that OP's are advertising SSL as a security feature, or evidence
that users are being misled into thinking they really *are* secure from a
DNS hack?
Either or both. :)
Hmm . . . well, the former was proposed as more of an IF, it's the
THEN that I'm sure about. SSL is described as a good thing so we know
which site we're dealing with, but can be explained to users as
simply "using this makes you more secure on the internet" (like when
they're shopping online). When both language and understanding can be
imprecise (it's their data, sort of part of them, residing at another
site, which we're concerned about), there's always room for some
margin of error. Kind of like quantum states where attempting to
observe the waveform can affect it.
-Shade
_______________________________________________
security mailing list
[email protected]
http://openid.net/mailman/listinfo/security
