(buried in another post) http://www.educatedguesswork.org/movabletype/archives/2005/05/what_can_the_ev.html
These are Eric Rescorla's slides from a talk he gave recently where he indicated that the dialog isn't helping, among other things. I'd recommend the slides to you all; Eric knows a lot about the techical side of SSL having written the book. Another factoid he gave was that the half-life of an OpenSSL exploit is about 50 days, see chart half way down. That's the time it takes for half of the OpenSSL servers out there to be patched with a known exploit fix. Later on, he states that the half-life for windows platforms even with automated patching is 21 days for external machines and 62 days for internal machines (presumably inside some corporate net). iang -- Advances in Financial Cryptography: https://www.financialcryptography.com/mt/archives/000458.html _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
