On 05/21/2010 03:23 AM, From Matt McCutchen:
On May 19, 11:28 am, Eddy Nigg<eddy_n...@startcom.org> wrote:
Well, just for the record, lets get this strait - there are no false
positives. I have NEVER encountered an error with a web site and there
was no reason for it. Either the certificate was not trusted or the
domain did not match or other reasons. Those are real errors, those are
not false positives, those are REAL positives.
That's not right. We are discussing SSL as a /means/ to prevent
impersonation of the site the user wanted to visit. In this context,
a "false positive" is defined as an SSL error when no impersonation is
taking place.
Oh really? And how do you know? There are no false positives, it all
boils down to correct or incorrect.
Anything that is incorrect may not be relied upon because you actually
can't know (from the outset, you might correct and check for the
reasons, but this isn't anybody knows how to do).
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
