PKI too confusing to prevent phishing, part 28

John Levine johnl at
Mon Sep 26 12:26:28 EDT 2005

In article <p06230916bf5cc5955004@[]> you write:
>Summary: some phishes are going to SSL-secured sites that offer up 
>their own self-signed cert. Users see the warning and say "I've seen 
>that dialog box before, no problem", and accept the cert. From that 
>point on, the all-important lock is showing so they feel safe.

I don't get it.  When you can get a free cert good for a month and
signed by Geotrust, why waste time with self-signed certs?  See for a sample.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list