On 02/12/2011 05:44 AM, From Steve Schultze:
Not that many phishing attacks rely on HTTPS. That report also details phishing attacks *on people seeking to purchase SSL certificates* in which the phishing happens over plaintext. If there's any community that would require an HTTPS connection in order to be successfully phished, it would be that one.
Right, financial institutions and CAs really should use something else than user name and password pairs. I know some that use client certificates instead (hint, hint).
If anybody else on this list would like to present a more compelling argument than you have
....as if your arguments are more convincing and the only ones that count :-)
but I don't think that the two of us will make any progress with more back-and-forth.
Full agreement this time between us. -- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: start...@startcom.org Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
