Laurie: Improving SSL certificate security
Posted Apr 7, 2011 17:27 UTC (Thu) by jthill (subscriber, #56558)
In reply to: Laurie: Improving SSL certificate security by tialaramex
Parent article: Laurie: Improving SSL certificate security
I think that makes the division of responsibility pretty clear. Why users behave that way is a research question. That there are limits to what a browser can do to keep them safe is established.
But I don't see how it affects the observation that CAs don't help in either case. Keeping the CA infrastructure is abdicating real responsibility in pursuit of an illusory one. Either way, the real security theater is here, not with any onoz.gif warnings.
And SSH might work better because of what djao said: it does exactly what the research says is necessary. It refuses to connect on a key mismatch.
