2 May 2007 slamb   » (Journeyer)

clarkbw, re: security choices

I'm not convinced there's a problem with the status quo. For the 90% of people you describe, the SSL certificate dialog box comes down to this:

Your connection to www.bigbank.com is insecure. It's likely that people are trying to steal your money.

Give them my money | Cancel

My parents don't understand X.509 PKI, but they do understand that they care if a connection is secure if and only if they plan to send financial credentials over it. They know - and the computer doesn't - what information they are planning to send. Thus, they are capable of responding to this dialog correctly 100% of the time. Choosing either option for them would be right less than 100% of the time. A complicated voting scheme would be right less than 100% of the time.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!