- From: George Staikos <staikos@kde.org>
- Date: Mon, 22 Jan 2007 21:18:19 -0500
- To: W3 Work Group <public-wsc-wg@w3.org>
If it is, it's rather pathetic IMHO. That's what sysadmins are for, and really, this is not hard stuff. On 22-Jan-07, at 10:12 AM, Doyle, Bill wrote: > Cert problems and complexity - Is this why many sites are just using > http for the splash page and only encrypting credentials? > > We had a long list of sites using http with credentials that had a > padlock. Many of these sites were banking or other high value sites > that only used http noting that the credentials were secure. Hope that > this direction is not a trend. > > Bill D. > wdoyle@mitre.org > > > -----Original Message----- > From: public-wsc-wg-request@w3.org > [mailto:public-wsc-wg-request@w3.org] On Behalf Of George Staikos > Sent: Sunday, January 21, 2007 10:21 PM > To: W3 Work Group > Subject: Re: use case: TLS Man in the Middle (ACTION-73) > > > > www.usair.com was pushing out the certificate for www.usairways.com > this weekend. If high-profile sites like this are screwing up this > badly, perhaps we need to take action on the UA side. I really feel > comfortable with the idea of completely blocking access to sites with > misconfigured certificates like this. Unfortunately it's another > case of "we have to break all the browsers simultaneously". > > On 9-Jan-07, at 11:50 AM, Thomas Roessler wrote: > >> >> Another in the "specific interactions" department. >> >> Alice tries to connect to a web site at <https://www.example.com/>. >> Her user agent's TLS implementation detects that the domain name >> present in the certificate differs from www.example.com. >> >> Regards, >> -- >> Thomas Roessler, W3C <tlr@w3.org> >> > > -- > George Staikos > KDE Developer http://www.kde.org/ > Staikos Computing Services Inc. http://www.staikos.net/ > > > > -- George Staikos KDE Developer http://www.kde.org/ Staikos Computing Services Inc. http://www.staikos.net/
Received on Tuesday, 23 January 2007 02:18:31 UTC