On 9/3/2011 3:51 PM, Lee wrote:
> On 9/3/11, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:
>> No. I understand Tor Project's main concern is Tor / TBB. I fail to understand why the issue / problem being discussed is in any way limited to Tor or a few softwares.
>
> My understanding is that the issue is common to all 'secured' web sites. HTTP is trivially subverted; HTTPS needs a valid cert or the user clicking past a "No, I don't care about my security; go there anyway" warning before it can be subverted.

Lee, you bring up an interesting point about certificate warnings & ignoring them. Sometimes I get from Firefox 5, 6 - the warnings, "We can't verify the authenticity of the certificate." It may give a reason - like it's expired. Quite often these are bank / investment / insurance sites. Sometimes, the warning comes from Kaspersky IS. Either way, it sometimes turns out - if I call CS, they "are aware of the problem" - like expired certificate. I guess they don't really keep up w/ it.
But, it could just as easily be someone faking it. AFAIK, an avg user has no way to tell if it's a fake or if a site let certificate expire, except call CS. My guess is most "avg" users think, "I know I typed the correct address, & it says "HTTPS" at the top, so I'm safe." Wrong. From the very beginning of HTTPS & certificates, I wondered what will prevent people from eventually faking some part or another of the "system." I guess it's statistically safer than plain HTTP, but not foolproof by any stretch. Yet, sites promote it as being totally safe. I can't even convince several financial sites to allow more than 10 PW chars, & to allow special characters.
It doesn't happen every wk, but often enough to be a PITA. It also seems to happen when I really need to transact business - Murphy's law. For these warnings (esp. about expired certs) - I don't know if there's a way for users to verify / resolve questions, except talking to IT dept of the company - if avail.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk