On 12/18/05, Ben Laurie <[EMAIL PROTECTED]> wrote: > > It would happen at least as much as it happens with > > https, and it happens enough with https that false > > negatives enormously outweigh true negatives. > > True, but I don't see false negatives very often with https at all. And > I visit far more web sites than I log into machines with ssh. So, I'm > not really buying this.
Firefox rarely gives me false negatives. IE tends to be a bit picker. The most common one involves sites that mix http and https on the same page. There's also no way to disable that warning. > > An expert will reflexively click through a dialog that > > is almost certainly a false negative. > > That's just not true. It reminds me of the base-rate fallacy: http://www.raid-symposium.org/raid99/PAPERS/Axelsson.pdf -- http://www.lightconsulting.com/~travis/ -><- P=NP if (P=0 or N=1) "My love for mathematics is like 1/x as x approaches 0." GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]