WebApp Sec mailing list archives
Re: [summary] Re: Should login pages be protected by SSL?
From: Michael Silk <michaelslists () gmail com>
Date: Fri, 24 Jun 2005 23:58:02 +1000
On 6/24/05, Wolfgang Reder <wolfgang.reder () aon at> wrote:
Michael Silk schrieb:You need to realise no-one cares about certificates.thats true but: when you use certificates, you give the user a chance to be secure (everybody is responsible for his own security),
I don't think so; you make it harder for them. I mean, now there is a whole new 'surface' open for trickery. Homographic/cryptographic more ..? it's too much complexity for the user. they don't need to care about all that fuzz. they just want to access their details. too much work! anyway. certificates do help, i guess, to ensure that even via a dns attack the site you are at is really the site you expected. but it's pretty much beyond any user to care or notice. you say that they have the option. but so what? how many users exercise that option? and even if they do, how can they be sure there isn't an underlying problem? -- Michael
Current thread:
- RE: PCI standards & Should login pages be protected by SSL?, (continued)
- RE: PCI standards & Should login pages be protected by SSL? Lyal Collins (Jun 22)
- Re: Should login pages be protected by SSL? (and comment to moderator) Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- [summary] Re: Should login pages be protected by SSL? Steve Shah (Jun 22)
- Re: [summary] Re: Should login pages be protected by SSL? Ole Kasper Olsen (Jun 23)
- Rephrased: Should login pages be protected by SSL - although it won'thelp most users? Amir Herzberg (Jun 23)
- Re: [summary] Re: Should login pages be protected by SSL? Devdas Bhagat (Jun 23)
- Re: [summary] Re: Should login pages be protected by SSL? Michael Silk (Jun 23)
- Re: [summary] Re: Should login pages be protected by SSL? Wolfgang Reder (Jun 24)
- Re: [summary] Re: Should login pages be protected by SSL? Michael Silk (Jun 24)
- Re: Should login pages be protected by SSL? Dave Ockwell-Jenner (Jun 22)
- Re: Should login pages be protected by SSL? Achim Hoffmann (Jun 23)
- RE: Should login pages be protected by SSL? Glenn Euloth (Jun 21)
- Re: Should login pages be protected by SSL? Peter Watkins (Jun 21)