[147821] in North American Network Operators' Group
Re: what if...?
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Thu Dec 22 22:15:23 2011
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <4EF3C57C.1010108@mompl.net>
Date: Thu, 22 Dec 2011 22:13:40 -0500
To: Jeroen van Aart <jeroen@mompl.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 22, 2011, at 7:04 PM, Jeroen van Aart wrote:
> Marshall Eubanks wrote:
>> Does your Mom call you up every time she gets a dialog box =
complaining
>> about an invalid certificate ?
>> If she has been conditioned just to click "OK" when that happens, =
then
>> she probably can't.
>=20
> Everyone I have observed clicks "ok" or "confirm exception" (if I =
remember the phrase correctly) as soon as possible. Sadly I think only a =
few security conscious (IT) people will actually think twice and reject =
it if they don't trust it.
>=20
> That to me proves this aspect ssl is somewhat flawed in that regard. =
But then I am preaching to the choir. :-)
See the definition of "dialog box" at =
http://www.w3.org/2006/WSC/wiki/Glossary
--Steve Bellovin, https://www.cs.columbia.edu/~smb
