nanog mailing list archives
Re: Does your Certifying Authority have a clue who you are? Do they care?
From: Bob Beck <beck () bofh cns ualberta ca>
Date: Fri, 05 Dec 2003 09:55:56 -0700
There is an expectation that URLs which do not produce "this certificate is not trusted" messages are safe for people to use to disclose sensitive information like credit card numbers. The average consumer has been educated to this effect at great length by commerce-oriented websites and browser vendors.
Sorry, this is the night soil of a large and very well fed male ox. Anyone who believes that more than 20% of the users have been educated to do this hasn't gone around spoofing their own https sites on their wireless lans and measuring how many passwords they get. and I'm being *generous* with the 20% - I typically get a valid password 9 out of 10 connections to a spoof site. What lusers have been educated to do is "Oh look, an annoying box has popped up. click the button to make it go away so I can keep going." I seriously doubt they differentiate it too much from popup ads for porn sites or herbal viagra. -Bob
Current thread:
- Re: Does your Certifying Authority have a clue who you are? Do they care?, (continued)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Valdis . Kletnieks (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Mark Foster (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Valdis . Kletnieks (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Suresh Ramasubramanian (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Deepak Jain (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Peter Galbavy (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Steven M. Bellovin (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Damian Gerow (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Suresh Ramasubramanian (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Joe Abley (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Bob Beck (Dec 05)
- Re: Does your Certifying Authority have a clue who you are? Do they care? Joe Abley (Dec 05)