nanog mailing list archives

Re: what if...?

From: Steven Bellovin <smb () cs columbia edu>
Date: Thu, 22 Dec 2011 22:13:40 -0500


On Dec 22, 2011, at 7:04 PM, Jeroen van Aart wrote:

Marshall Eubanks wrote:

Does your Mom call you up every time she gets a dialog box complaining
about an invalid certificate ?
If she has been conditioned just to click "OK" when that happens, then
she probably can't.


Everyone I have observed clicks "ok" or "confirm exception" (if I remember the phrase correctly) as soon as possible. 
Sadly I think only a few security conscious (IT) people will actually think twice and reject it if they don't trust 
it.

That to me proves this aspect ssl is somewhat flawed in that regard. But then I am preaching to the choir. :-)



See the definition of "dialog box" at http://www.w3.org/2006/WSC/wiki/Glossary

                --Steve Bellovin, https://www.cs.columbia.edu/~smb

Current thread:

Re: what if...?, (continued)
- Re: what if...? Valdis . Kletnieks (Dec 20)
  - Re: what if...? bmanning (Dec 20)
  - Message not available
    - Re: what if...? Valdis . Kletnieks (Dec 20)
    - Re: what if...? Michael Sinatra (Dec 20)
- Re: what if...? Jared Mauch (Dec 20)
  - Re: what if...? Christian de Larrinaga (Dec 20)
    - Re: what if...? Seth Mattinen (Dec 20)
    - Message not available
    - Re: what if...? Seth Mattinen (Dec 20)
- Re: what if...? Marshall Eubanks (Dec 20)
  - Re: what if...? Jeroen van Aart (Dec 22)
    - Re: what if...? Steven Bellovin (Dec 22)
- Re: what if...? Ken Gilmour (Dec 20)
- Re: what if...? Mark Andrews (Dec 20)