Nelson Bolyard wrote:
> If you haven't already done so, read Dan Kaminsky's slides from his
> talk at blackhat. http://www.doxpara.com/DMK_BO2K8.ppt

Thanks for the link!

> Results attributed to Consumer Reports, showing that the number of
> people who ignore bad cert warnings is about equal to the number who
> abandon attempts to visit sites because of them. ~42% +/-1% each!

Wow, I am actually encouraged by this. I would have guessed that the percentage of people who just ignore the security warning would have been much higher. Except, as the slides mentioned, these were self-reported figures, and actual figures for people ignoring an expired certificate were 99.5%.

I would assume that with Firefox 3.0, the percentage of users who ignore the warnings would be much smaller since it is quite a bit harder to make an exception for the bad certificate; the UI is pretty confusing even to me.

--
Heikki Toivonen - http://heikkitoivonen.net