NoVA_CoxUser
Stand back from the cage -- The RF bites
Premium, join: 2004-07-06, Alexandria, VA

said by justin:
Having a silently accepted SSL certificate is no guarantee of anything. Any phish site can be https.

Not sure what you mean by "silently accepted" ... but I assume that you mean when "joe average internet user" sees "the little lock" and automatically assumes that all's ok (or worse ... blindly clicks "proceed" when alerted to a certificate/domain mismatch!).
And you're 100% right about phishers using SSL. As you said, SSL certs can be obtained for $17!
But by providing a hierarchically-trusted SSL sign-in page, at least the more sophisticated users (e.g. the majority of DSLR users) could be provided an extra level of assurance that the sign-in page itself was legit and that it hadn't been somehow spoofed or redirected (e.g. by DNS poisoning, unauthorized host file modification, etc.).
Or am I missing something here ???