Non-English Domain Names Likely Delayed

• Previous message (by thread): Non-English Domain Names Likely Delayed
• Next message (by thread): Non-English Domain Names Likely Delayed
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 18 Jul 2005, at 18:43, Jason Sloderbeck wrote:


> I don't know of any other IEEE/NANOG/IETF/ICANN-sanctioned method to
> completely confuse even a savvy IT user who is trying to determine the
> validity of an SSL site.
>

If I was feeling especially cynical (and hey, who isn't on a Monday?)  
I'd say that the validity of an SSL site is a lot harder to judge  
than people think, and a savvy IT user would do well to trust very  
few of them.

For a well-known common name with a global reputation, you might have  
a reasonable expectation that a successful wander down a certificate  
chain might be worth trusting: a CA would have to be fairly remiss to  
issue a certificate to some random customer who claimed to be Amazon  
or Microsoft (or Amäzon or Micrøsoft, for that matter).

However, when it comes to a web store whose name isn't well-known,  
"good certificate" frequently means little more than "the operator of  
the site is able to mark up some letterhead and send a fax".

And of course, nobody here would be guilty of clicking "accept" on a  
warning that the validity of a self-signed certificate cannot be  
determined. Thought not.

Maybe a bit of healthy distrust is overdue for injection into the CA  
economy.


Joe

• Previous message (by thread): Non-English Domain Names Likely Delayed
• Next message (by thread): Non-English Domain Names Likely Delayed
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]