[security] Please convince me not to ban SSL (OP's)
Adam Barth
hk9565 at gmail.com
Fri May 8 19:06:00 UTC 2009
On Fri, May 8, 2009 at 12:04 PM, SitG Admin
<sysadmin at shadowsinthegarden.com> wrote:
> By "reinforcement" I mean "specific advertisement": if the OP uses its
> support of SSL as a feature to attract users, but is not educating the user
> about how this security measure fits in among the larger picture, they are
> effectively misleading the user into a mistaken idea of how secure they are.
Do you have evidence that this is actually happening, or is this just
speculation?
>> You haven't offered any justification for these very specific
>> assumptions. I bet they won't hold that widely if you tested them on
>> real users.
>
> I'm not concerned about "real users" so much as "MY users"; not drawn from
> the average pool ;)
Then I recommend that you study your users and act in their best interest.
Adam