PKI too confusing to prevent phishing, part 28
John Levine
johnl at iecc.com
Mon Sep 26 12:26:28 EDT 2005
In article <p06230916bf5cc5955004@[10.20.30.249]> you write:
><http://www.informationweek.com/story/showArticle.jhtml?articleID=171200010>
>
>Summary: some phishes are going to SSL-secured sites that offer up
>their own self-signed cert. Users see the warning and say "I've seen
>that dialog box before, no problem", and accept the cert. From that
>point on, the all-important lock is showing so they feel safe.
I don't get it. When you can get a free cert good for a month and
signed by Geotrust, why waste time with self-signed certs? See
http://zblog.abuse.net for a sample.
R's,
John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list