[cryptography] Let's go back to the beginning on this

Andy Steingruebl andy at steingruebl.com
Tue Sep 13 14:22:28 EDT 2011


On Tue, Sep 13, 2011 at 10:48 AM, Steven Bellovin <smb at cs.columbia.edu> wrote:

> Furthermore,
> they're probably right; most of the certificate errors I've
> seen over the years were from ordinary carelessness or errors,
> rather than an attack; clicking "OK" is *precisely* the right
> thing to do.

Is anyone aware of any up-to-date data on this btw?  I've had
discussions with the browser makers and they have some data, but I
wonder whether anyone else has any data at scale of how often users
really do run into cert warnings these days. They used to be quite
common, but other than 1 or 2 sites I visit regularly that I know have
self-signed certs, I *never* run into cert warnings anymore.   BTW,
I'm excluding "mixed content" warnings from this for the moment
because they are a different but related issue.


