Julien Pierre wrote:
Only if you are encrypting to the correct party, and not to a thief. This is why we have CAs and trust.
Ian made a point of this about a Gold company using a self-signed certificate and not having a problem. At this current point in time if I were a thief, there are numerous ways of getting information out of people for not much more than the cost of a pen. So is all the fuss about security so overrated to the point that people resort to using unencrypted emails, and unencrypted websites just because security is too costly or too difficult? I'd say yes, the first site (say Google for example) their browser will tell the user about entering information into unencrypted websites, the user will dismiss that dialog box because they are only doing a simple search (by default it won't come back).
I guess I am the only one in the world who has that option turned on, the dialog does come up for every one of my Google searches and other posts. And I know to watch for it when I submit sensitive data. It has come up on a few occasions. In Mozilla, the dialog is on by default. And if you click "continue", the dialog will come back. You have to explicitly uncheck "alert me whenever I submit information that's not encrypted". Perhaps we should have another dialog explaining to the user in plain English but with more detail what they are really doing by disabling this option, with a second confirmation dialog. It should stay enabled.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
