22 Dec
2011
22 Dec
'11
10:13 p.m.
On Dec 22, 2011, at 7:04 PM, Jeroen van Aart wrote:
Marshall Eubanks wrote:
Does your Mom call you up every time she gets a dialog box complaining about an invalid certificate ? If she has been conditioned just to click "OK" when that happens, then she probably can't.
Everyone I have observed clicks "ok" or "confirm exception" (if I remember the phrase correctly) as soon as possible. Sadly I think only a few security conscious (IT) people will actually think twice and reject it if they don't trust it.
That to me proves this aspect ssl is somewhat flawed in that regard. But then I am preaching to the choir. :-)
See the definition of "dialog box" at http://www.w3.org/2006/WSC/wiki/Glossary --Steve Bellovin, https://www.cs.columbia.edu/~smb