Slashdot links[0] to a paper[1] about EV certificates today. I haven't actually
read the paper or the linked article, but the blurb contains the provocative line
"The study, based on user testing, found that EV certificates don't improve
users' ability to detect attacks, that the interface can be spoofed, and that
training users actually decreases their ability to detect attacks."
Since I haven't actually read it I'm not going to make any judgments, just
thought I'd put it out here for anyone who doesn't read slashdot to see.
[0] http://it.slashdot.org/article.pl?sid=07/01/26/1325228
[1] http://www.usablesecurity.org/papers/jackson.pdf (PDF)
--
dolphinling
<http://dolphinling.net/>
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
