WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [summary] Re: Should login pages be protected by SSL?

From: Michael Silk <michaelslists () gmail com>
Date: Fri, 24 Jun 2005 23:58:02 +1000
On 6/24/05, Wolfgang Reder <wolfgang.reder () aon at> wrote:

Michael Silk schrieb:

You need to realise no-one cares about certificates.

thats true but:
when you use certificates, you give the user a chance to be secure
(everybody is responsible for his own security),


I don't think so; you make it harder for them. I mean, now there is a
whole new 'surface' open for trickery. Homographic/cryptographic more
..?

it's too much complexity for the user. they don't need to care about
all that fuzz. they just want to access their details. too much work!

anyway. certificates do help, i guess, to ensure that even via a dns
attack the site you are at is really the site you expected. but it's
pretty much beyond any user to care or notice.

you say that they have the option. but so what? how many users
exercise that option? and even if they do, how can they be sure there
isn't an underlying problem?

-- Michael
Previous By Date Next
Previous By Thread Next

Current thread: