mailing list archives
Re: what if...?
From: Steven Bellovin <smb () cs columbia edu>
Date: Thu, 22 Dec 2011 22:13:40 -0500
On Dec 22, 2011, at 7:04 PM, Jeroen van Aart wrote:
Marshall Eubanks wrote:
Does your Mom call you up every time she gets a dialog box complaining
about an invalid certificate ?
If she has been conditioned just to click "OK" when that happens, then
she probably can't.
Everyone I have observed clicks "ok" or "confirm exception" (if I remember the phrase correctly) as soon as possible.
Sadly I think only a few security conscious (IT) people will actually think twice and reject it if they don't trust
That to me proves this aspect ssl is somewhat flawed in that regard. But then I am preaching to the choir. :-)
See the definition of "dialog box" at http://www.w3.org/2006/WSC/wiki/Glossary
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Re: what if...? Marshall Eubanks (Dec 20)
Re: what if...? Ken Gilmour (Dec 20)
Re: what if...? Mark Andrews (Dec 20)
- Re: what if...? Jeroen van Aart (Dec 23)
- Re: what if...? Steven Bellovin (Dec 23)