
Comment Wrong problem to attack (Score 1) 733

This is a bad approach that attacks the wrong end of the problem. The real problem is that *after they are accepted* self-signed certs and trusted-authority-signed certs are treated as providing the exact same guarantees. In reality they provide two distinct things, each of which has its place. Self-signed certs provide end-to-end encryption without saying anything about where the other end is. Signed certs make stronger (but not foolproof!) guarantees about the other end of the channel.

The problem is that both types of certs get you the *same* lock in the corner of the window. This is really bad, because that lock icon is the green light for grandma to enter her credit card number. She should *never* be doing that on a site with a self-signed cert, and it shouldn't matter whether or not junior was using the computer earlier and jumped through the hoops to add an exception for the cert of some promising-looking porn site. The icon needs to reflect the *guarantee*, not the delivery mechanism.

My suggestion would be to show a warning when accepting a self-signed cert that contains language and images -- people are visual -- describing the idea of secure communication with an unknown party, and make it easy to accept the cert. But for goodness' sakes, use a *different* icon, something that cannot be mistaken for a lock, to represent the security. Show an envelope, or a pipe representing the inability to look inside the connection. (I know, tubes...) I'm sure somebody brighter than myself can figure out a good icon for this status.

The thing about security as it relates to ordinary folks is you have to have a simple story to tell them or they just ignore it. "Look for the lock and you're OK" is as simple as it gets, which makes it a very good, very useful story. Putting "the lock" on self-signed cert connections dilutes that story, which is a bad, bad idea.

(As an aside, I've actually always thought the lock was too subtle. I'd rather say "when your entire browser window starts pulsing gold you're OK to enter your credit card number".)

The Courts

Supreme Court Holds Right to Bear Arms Applies to Individuals 2221

Now.Imperfect writes "In its last day of session, the Supreme Court has definitively clarified the meaning of the Second Amendment. The confusion is whether the Second Amendment allows merely for the existence of a state militia, or the private ownership of guns. This ruling is in response to a case regarding the 32-year-old Washington DC ban on guns." This is one of the most-watched Supreme Court cases in a long time, and Wikipedia's page on the case gives a good overview; the actual text of the decision (PDF) runs to 157 pages, but the holding is summarized in the first three. There are certainly other aspects of the Second Amendment left unaddressed, however, so you can't go straight to the store for a recently made automatic rifle.
