Re: Does your Certifying Authority have a clue who you are? Do they care?

[Joe Abley <jabley () isc org>]

On 5 Dec 2003, at 11:55, Bob Beck wrote:

> > There is an expectation that URLs which do not produce "this
> > certificate is not trusted" messages are safe for people to use to
> > disclose sensitive information like credit card numbers. The average
> > consumer has been educated to this effect at great length by
> > commerce-oriented websites and browser vendors.
>
>         Sorry, this is the night soil of a large and very well fed
> male ox. Anyone who believes that more than 20% of the users have been
> educated to do this hasn't gone around spoofing their own https sites
> on their wireless lans and measuring how many passwords they get.

20% of users is more than enough to create a helpdesk nightmare for a 
web hosting company, and represents sufficient potential lost revenue 
to make any merchant give money to a CA.