North American Network Operators Group

Re: Non-English Domain Names Likely Delayed
On 18 Jul 2005, at 18:43, Jason Sloderbeck wrote:

> I don't know of any other IEEE/NANOG/IETF/ICANN-sanctioned method to completely confuse even a savvy IT user who is trying to determine the validity of an SSL site.

If I was feeling especially cynical (and hey, who isn't on a Monday?) I'd say that the validity of an SSL site is a lot harder to judge than people think, and a savvy IT user would do well to trust very few of them.

For a well-known common name with a global reputation, you might have a reasonable expectation that a successful wander down a certificate chain might be worth trusting: a CA would have to be fairly remiss to issue a certificate to some random customer who claimed to be Amazon or Microsoft (or Am�zon or Micr�soft, for that matter).

However, when it comes to a web store whose name isn't well-known, "good certificate" frequently means little more than "the operator of the site is able to mark up some letterhead and send a fax".

And of course, nobody here would be guilty of clicking "accept" on a warning that the validity of a self-signed certificate cannot be determined. Thought not.

Maybe a bit of healthy distrust is overdue for injection into the CA economy.

Joe