[Cryptography] [FORGED] Re: So please tell me. Why is my solution wrong?
Theodore Ts'o
tytso at mit.edu
Mon Feb 13 10:29:17 EST 2017
On Mon, Feb 13, 2017 at 02:23:02PM +0000, Joseph Kilcullen wrote:
> On 10-Feb-17 3:34 PM, Theodore Ts'o wrote:
> > .........less complicated than Joseph Kilcullen's .......
>
> After receiving a TLS certificate with a valid digital signature the browser
> demonstrates behaviour which cannot be counterfeited i.e. by displaying an
> image from the local hard disk. Something remote websites cannot do. How
> could this be considered complex?
Which users have to verify. And for which they have been repeated
demonstrated they aren't able to do reliably.
> Mostly you are not discussing my solution. That's why I keep telling you
> about it. Everything you entered up there is cool. I get it. But it has
> nothing to do with my solution. Nothing!
The above is something which *is* applicable to your solution. If you
don't believe it, or believe that your solution is somehow special,
you are welcome to bankroll some human factors lab to do a study
specific to your design...
- Ted
More information about the cryptography
mailing list