In message [EMAIL PROTECTED], Steve Furlong writes:
On a related note, I've worked a bit with avionics and embedded
medical software. The certification requirements for those bits of
critical code might be helpful for crypto programming.
Not quite. The name of the game is information
Adam Back wrote:
I would think it would be safer to block the site, or provide a
warning dialog.
Before we do the first redirection, we do ask the user. However, since
TrustBar is really part of our research on secure usability, we are
aware that asking the user is a very problematic
snip
David Wagner writes:
One thing that web sites could do to help is to always make
https://www.foo.com work just as well as http://www.foo.com, and
then browser plug-ins could simply translate http://www.foo.com -
https://www.foo.com for all sensitive sites. Of course, web site