Crypto and UI issues
Travis H.
solinym at gmail.com
Mon Dec 19 01:48:28 EST 2005
On 12/18/05, Ben Laurie <ben at algroup.co.uk> wrote:
> > It would happen at least as much as it happens with
> > https, and it happens enough with https that false
> > negatives enormously outweigh true negatives.
>
> True, but I don't see false negatives very often with https at all. And
> I visit far more web sites than I log into machines with ssh. So, I'm
> not really buying this.
Firefox rarely gives me false negatives. IE tends to be a bit picker.
The most common one involves sites that mix http and https on the same
page. There's also no way to disable that warning.
> > An expert will reflexively click through a dialog that
> > is almost certainly a false negative.
>
> That's just not true.
It reminds me of the base-rate fallacy:
http://www.raid-symposium.org/raid99/PAPERS/Axelsson.pdf
--
http://www.lightconsulting.com/~travis/ -><- P=NP if (P=0 or N=1)
"My love for mathematics is like 1/x as x approaches 0."
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list