> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of James A. Donald
> Sent: Saturday, May 28, 2005 1:48 PM
>
> With bank web sites, experience has shown that only 0.3% of
> users are deterred by an invalid certificate, probably
> because very few users have any idea what a certificate
> authority is, what it does, or why they should care.
>

I assume you refer to the BankDirect case with the accidentally invalid certificate.
In this situation, I believe that the users, through hard-won experience with computers, _correctly_ assumed this was a false positive. If an attack had actually occurred, the users would have been wrong. Luckily for them, they were correct and did not let the mistake interfere with their commerce. The one in 300 users that did let the mistake interfere wasted their time and, perhaps, money if they lost money due to the delay in access.

As it stands, the system works reasonably well (of course it still has its share of problems). If 300 out of 300 users wasted time and money because of the mistake (say if the system were designed so users could not bypass the possibly bad certificate warning), the security folks in ivory towers may pat themselves on the back saying, "look, the system works great!" - the actual users of the technology would be more than a little ticked. A brittle system that cannot accept failures will always have trouble dealing with us fallible types.

I'm not familiar with the BankDirect site, but if it is like banking sites I am used to, it is fairly impersonal and easy to spoof. One way to reduce the ease-of-spoof factor is to add many ways to identify the bank web site. If one or two of them fail, the web site is probably still valid. Ways to identify a site include certificates, personalized greetings ("Hello Michael, Welcome back, you haven't been here in 4 days and we've missed you"), code words, the PetName tool, green light by anti-phishing software, even the URL and overall look-and-feel. So what if a couple of them fail? That happens all the time and we have to expect that and design our systems to work in spite of it.

-Michael Heyman