[security] Please convince me not to ban SSL (OP's)
SitG Admin
sysadmin at shadowsinthegarden.com
Fri May 8 20:14:09 UTC 2009
>> Evidence that OP's are advertising SSL as a security feature, or evidence
>> that users are being misled into thinking they really *are* secure from a
>> DNS hack?
>
>Either or both. :)
Hmm . . . well, the former was proposed as more of an IF, it's the
THEN that I'm sure about. SSL is described as a good thing so we know
which site we're dealing with, but can be explained to users as
simply "using this makes you more secure on the internet" (like when
they're shopping online). When both language and understanding can be
imprecise (it's their data, sort of part of them, residing at another
site, which we're concerned about), there's always room for some
margin of error. Kind of like quantum states where attempting to
observe the waveform can affect it.
-Shade
More information about the security
mailing list