List: kde-devel
Subject: Re: ssl auth failure gui: does "continue" do what I think it does?
From: Matthew Woehlke <mw_triad () users ! sourceforge ! net>
Date: 2009-06-11 15:36:59
Message-ID: h0r8at$d68$1 () ger ! gmane ! org
Anthony J Moulen wrote:
> You are aware that most browsers do not actually authenticate a
> certificate. They only ensure that the certificate was signed by a
> signer that it trusts.

...which is a form of authentication, no? You have verified that the
certificate was confirmed valid by a (theoretically) trusted party.

> In a true security sense you should also be
> querying the revocation list from the authority to ensure that the
> certificate hasn't been compromised and reported.

True. Being signed by a CA doesn't ensure security (perfect security is
nearly impossible anyway; someone could be using a key logger), but it's
still different from having no assurance at all where you are sending data.

> The other issue is that the browser doesn't ensure that what you
> typed was correct.

Firefox does, on several levels, by tracking how many times you have
visited a site, and if you have given a site special permissions. (And
yes, I /do/ make use of these.) Good features to add to konqueror, if
you ask me...

--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
Never give up on learning