The real problem that https has conspicuously failed to fix
Dave Howe
DaveHowe at gmx.co.uk
Tue Jun 10 12:32:25 EDT 2003
Pete Chown wrote:
> It might help if browsers displayed some details of the certificate
> without being asked. For example, instead of a padlock, the browser
> could have an SSL toolbar. This would show the verified name and
> address of the site you are connected to.
or just show the verified name in the status bar
*BUT*
use a specific font that makes vaguely similar characters wildly different -
use an ornate script font for numbers, with a sans font for letters, and
symbols in a "grey" halftone bold. as long as 1 can't look like i or l and 0
is wildly different from O, a lot of "fake" sites will stand out
beautifully....
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list