J. Greenlees wrote:
3. Consider these three cases:
(a) Unencrypted connection.
(b) SSL connection with a self-signed certificate.
(c) SSL connection with a certificate signed by a known CA.
Of these three options, (a) is the riskiest context in which
to submit an HTML form; (b) and
Ka-Ping Yee wrote:
1. As mentioned in my last message, a transient warning could
appear when the user is typing text into a form on an unencrypted
site.
_Any_ unencrypted site? I suggest that this would get irritating to the
user pretty quickly.
2. Currently, typing in password fields
J. Greenlees wrote:
> the issuing of certs needs to be re-examined, and some sort of viable
> system worked out to protect end users from fraudulent use.
> far beyond the scope of any one development team, though maybe getting
> security teams from most development groups to work together on a san
Ian G wrote:
Ka-Ping Yee wrote:
It's an assumption of Gervase's current anti-phishing proposal that
everything starts with SSL. Indeed, sites really should have no
business slinging around passwords and credit card numbers in
cleartext -- it's pretty irresponsible. Here are a few thoughts
on how
Ian G wrote:
> This is what we are getting at. Real people have
> real risks. Geeks fantasize about being the target
> of NSA surveillance, but that's not the Mozilla
> target audience.
The biggest issue I have with some of the suggestions for improvement is
are they really an improvement worth
Anthony G. Atkielski wrote:
Ian G writes:
But, in practice, it would be more secure these days
to show the password in the clear all the time, as
there is nobody peeking over the shoulder most of
the time in today's computing ...
Because today, they can be sitting in a van outside, monitori
Ian G writes:
> But, in practice, it would be more secure these days
> to show the password in the clear all the time, as
> there is nobody peeking over the shoulder most of
> the time in today's computing ...
Because today, they can be sitting in a van outside, monitoring the RF
emanations of th
Ka-Ping Yee wrote:
On Wed, 23 Feb 2005, Ian G wrote:
Ka-Ping Yee wrote:
2. Currently, typing in password fields shows a bunch of stars to
give the impression that what you type is secret. Well, if we
are really serious about the necessity of SSL for keeping passwords
secret, then wh
On Wed, 23 Feb 2005, Ian G wrote:
> Ka-Ping Yee wrote:
> >2. Currently, typing in password fields shows a bunch of stars to
> >give the impression that what you type is secret. Well, if we
> >are really serious about the necessity of SSL for keeping passwords
> >secret, then why shoul
Ka-Ping Yee wrote:
It's an assumption of Gervase's current anti-phishing proposal that
everything starts with SSL. Indeed, sites really should have no
business slinging around passwords and credit card numbers in
cleartext -- it's pretty irresponsible. Here are a few thoughts
on how we might enco
It's an assumption of Gervase's current anti-phishing proposal that
everything starts with SSL. Indeed, sites really should have no
business slinging around passwords and credit card numbers in
cleartext -- it's pretty irresponsible. Here are a few thoughts
on how we might encourage the use of SS
11 matches