[5427] in cryptography@c2.net mail archive
Re: going around the crypto
daemon@ATHENA.MIT.EDU (Marcus Leech)
Sat Aug 21 20:10:31 1999
Date: Mon, 16 Aug 1999 09:31:54 -0400
From: "Marcus Leech" <mleech@nortelnetworks.com>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: EKR <ekr@rtfm.com>, cryptography@c2.net
"Steven M. Bellovin" wrote:
>
> It's clearly not automatic, but I suspect it would work....
>
User behaviour is the weak point here--while the browsers WILL notify
you that the cert is signed by a CA you don't recognize, they also
give you the option of accepting the cert, which most users will just
blindly accept. Netscape gives you a couple of options here--accept
the site cert for this session only, or accept it forever; I expect lots
of users will choose "forever", since that's simpler.
--
----------------------------------------------------------------------
Marcus Leech                        Mail:  Dept 8M70, MS 012, FITZ
Systems Security Architect          Phone: (ESN) 393-9145  +1 613 763 9145
Security and Internet Solutions     Fax:   (ESN) 395-1407  +1 613 765 1407
Nortel Networks                     mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------