On Dec 22, 2011, at 7:04 PM, Jeroen van Aart wrote: > Marshall Eubanks wrote: >> Does your Mom call you up every time she gets a dialog box complaining >> about an invalid certificate ? >> If she has been conditioned just to click "OK" when that happens, then >> she probably can't. > > Everyone I have observed clicks "ok" or "confirm exception" (if I remember > the phrase correctly) as soon as possible. Sadly I think only a few security > conscious (IT) people will actually think twice and reject it if they don't > trust it. > > That to me proves this aspect ssl is somewhat flawed in that regard. But then > I am preaching to the choir. :-)
See the definition of "dialog box" at http://www.w3.org/2006/WSC/wiki/Glossary --Steve Bellovin, https://www.cs.columbia.edu/~smb
