[13554] in cryptography@c2.net mail archive
Re: The real problem that https has conspicuously failed to fix
daemon@ATHENA.MIT.EDU (Dave Howe)
Tue Jun 10 12:39:53 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Dave Howe" <DaveHowe@gmx.co.uk>
To: "Email List: Cryptography" <cryptography@metzdowd.com>
Date: Tue, 10 Jun 2003 17:32:25 +0100
Pete Chown wrote:
> It might help if browsers displayed some details of the certificate
> without being asked. For example, instead of a padlock, the browser
> could have an SSL toolbar. This would show the verified name and
> address of the site you are connected to.
or just show the verified name in the status bar
*BUT*
use a specific font that makes vaguely similar characters wildly different -
use an ornate script font for numbers, with a sans font for letters, and
symbols in a "grey" halftone bold. as long as 1 can't look like i or l and 0
is wildly different from O, a lot of "fake" sites will stand out
beautifully....
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
