[19323] in cryptography@c2.net mail archive

Re: Crypto and UI issues

daemon@ATHENA.MIT.EDU (Travis H.)
Mon Dec 19 10:12:15 2005

X-Original-To: cryptography@metzdowd.com
Date: Mon, 19 Dec 2005 00:48:28 -0600
From: "Travis H." <solinym@gmail.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: cryptography@metzdowd.com
In-Reply-To: <43A62C87.9060202@algroup.co.uk>

On 12/18/05, Ben Laurie <ben@algroup.co.uk> wrote:
> > It would happen at least as much as it happens with
> > https, and it happens enough with https that false
> > negatives enormously outweigh true negatives.
>
> True, but I don't see false negatives very often with https at all. And
> I visit far more web sites than I log into machines with ssh. So, I'm
> not really buying this.

Firefox rarely gives me false negatives.  IE tends to be a bit pickier.

The most common one involves sites that mix http and https on the same
page.  There's also no way to disable that warning.

> > An expert will reflexively click through a dialog that
> > is almost certainly a false negative.
>
> That's just not true.

It reminds me of the base-rate fallacy:

http://www.raid-symposium.org/raid99/PAPERS/Axelsson.pdf
--
http://www.lightconsulting.com/~travis/  -><- P=NP if (P=0 or N=1)
"My love for mathematics is like 1/x as x approaches 0."
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
