Hi Ben,

Ben Bucksch wrote:
...So it's not the CA not offering thorough validations, but the subscriber not willing to pay for it!

True. Good comment.
Thank you ;-)

More than that, current anti-phishing functions now found in most browsers and mail clients are much better at preventing phishing attacks! I think that on this forum most agree with the fact that EV is not going to be effective nor the front line of defense against phishing....

I disagree. I think that anti-phishing blacklists are a band-aid.
Yes, I believe that too! But currently they are still better at preventing mistakes made by users, which phishing is all about... It's not that the site in question doesn't have a valid certificate, it's the user following to the wrong site... The same user will not care too much about the color of the address bar either... Therefore the current band-aids are not the best one could hope for, but pretty effective right now...
I think the most effective anti-phishing measures are:

   * Bookmarks
Education, education, education ;-)
   * Clearly showing domain (and *only* domain) and maybe real world
     owner (from cert)
Already suggested this and more.... Generally in agreement with you, so I'm not sure if the domain name itself is the most important thing, because the domain is in the address bar already and if that's not the correct domain, then the browser already barks...

--
Regards

Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390


_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
