I've long objected to the idea that my users (BlogBridge http://www.blogbridge.com/) are asked about certificates by Java.
Not only is the question impossible to understand for normal people, it is also scary and confusing. And IMHO for those who THINK they understand the question, it creates a very false sense of security.
After all, unless your name is Bill Gates or Microsoft, how is the user to know whether Acme Corp from Denver, Colorado are good guys or secretly malware developers? By signing the code with a valid certificate, all they are proving is that they have $300 or so and a valid post address. What kind of protection is that?
More on this: http://www.salas.com/weblogs/archives/000645.html