[18570] in cryptography@c2.net mail archive
Re: PKI too confusing to prevent phishing, part 28
daemon@ATHENA.MIT.EDU (John Levine)
Wed Sep 28 00:39:12 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: 26 Sep 2005 16:26:28 -0000
From: John Levine <johnl@iecc.com>
To: cryptography@metzdowd.com
In-Reply-To: <p06230916bf5cc5955004@[10.20.30.249]>
Cc: paul.hoffman@vpnc.org
In article <p06230916bf5cc5955004@[10.20.30.249]> you write:
><http://www.informationweek.com/story/showArticle.jhtml?articleID=171200010>
>
>Summary: some phishes are going to SSL-secured sites that offer up
>their own self-signed cert. Users see the warning and say "I've seen
>that dialog box before, no problem", and accept the cert. From that
>point on, the all-important lock is showing so they feel safe.
I don't get it. When you can get a free cert good for a month and
signed by Geotrust, why waste time with self-signed certs? See
http://zblog.abuse.net for a sample.
R's,
John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
