[Cryptography] "Trust in digital certificate ecosystem eroding"

John Levine johnl at iecc.com
Sun May 3 11:45:46 EDT 2015

>It would take _considerable_ (re-)training of users to actually take
>security warnings seriously, and to reduce the number of false

All the studies I've seen say that no amount of training will make
users take security warnings seriously.  Partly it's the number of
false alarms, partly it's a not totally irrational tradeoff between
the risk of what might happen and the desire to get their work done.

If this stuff is going to work at all, it has to work automatically.


More information about the cryptography mailing list