Re: Draft finding - "Transitioning the Web to HTTPS"

Mark Nottingham writes:

> To the latter point -- I still find it remarkable that this is
> extremely common practice:
> ... and the OS/browser UX doesn't warn the user of the power granted
> by doing so (last I checked).

I'll bite -- what _should_ the UX say?  That is, what _is_ the risk
(and what is the alternative that MIT should be using)?

The alternative an entity not a million miles away from my desk
uses is to just self-sign and expect us to click through the resulting
warnings. . .

       Henry S. Thompson, School of Informatics, University of Edinburgh
      10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
                Fax: (44) 131 650-4587, e-mail:
 [mail from me _always_ has a .sig like this -- mail without it is forged spam]

Received on Monday, 19 January 2015 09:57:30 UTC