[17277] in cryptography@c2.net mail archive
Re: Citibank discloses private information to improve security
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue May 31 12:02:26 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, jamesd@echeque.com
In-Reply-To: <42984C5C.30126.1D70B2@localhost>
Date: Tue, 31 May 2005 20:03:53 +1200
"James A. Donald" <jamesd@echeque.com> writes:
>With bank web sites, experience has shown that only 0.3% of users are
>deterred by an invalid certificate, probably because very few users have any
>idea what a certificate authority is, what it does, or why they should care.
James (and others): I really wouldn't cite the BankDirect figure as a hard
value, since it represents just a single user, who may in turn have clicked on
the wrong button (i.e. the real figure could have been 0%). It'd be better to
say "statistically insignificant" or "negligible" or some other close-to-or-
equal-to-zero synonym.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
