'Sure but this discussion is about people on the move. Most people would not want to lug a satalite dish arround (only practical if travelling by road) and align it every time they need internet access. Not to mention the high subscription costs'
Okay ya got me. If she needed to edit her spreadsheets while visiting Inca ruins to which she traveled by a plane that didn't allow luggage, she'd be forced to fall back.
As for subscription fees they really aren't that bad and are on par with what dsl ran pretty much anywhere 5 years ago.
'I think you will find there are quite a lot of people from other countries here. Even if there weren't people do travel out of their home countries.'
I know, I just love getting a rise out of the cute lil critters.
I sometimes forget how anal slashdotters can be. I did not mean that literally nobody has used a 14.4k dial-up in over 10 years. I meant that VIRTUALLY nobody has used a 14.4k dial-up in 10 years. Places that can't be reached by satellite, phone line, or cellular coverage are not encountered by your average person anymore in fact they aren't encountered by many people at all, hence the lack of communication lines.
This may be news to you but the satellite internet to which I referred is available in small rural towns in Illinois just as surely as it is available in urban and suburban areas where nobody would want it.
I know it is because I lived in rural central Illinois and had a number of customers I serviced who had those lousy satellite internet connections.
The fact that you can get a connection that is that slow is no reason to use it. I feel bad enough for my customers that I have to convince to finally get rid of 56k.
If you are in the last mile there is a broadband option for you, it sucks, but its a hell of alot better than dial-up. There are a couple companies that will offer you a connection via small dish sat link and AFAIK you should be able to get coverage pretty much anywhere in the US.
As for the rest of the world, well for all intents and purposes they don't exist anyway. This is a US forum.
The point had nothing to do with openca and everything to do with the fact that the prompts presented by the browser outright told you the site was not legitimate because it had a self signed cert.
Thats very depressing my friend, very depressing. How could it possibly make more sense to work around the limitations of 14.4k than to use a sat link?
'I think you underestimate how much technical knowledge and understanding of the CA/certificate/SSL'
None. We can't guarantee you are sending the credit card information to who you think you are. Simple, not technical at all, and its no more complicated than that. Joe now knows all he needs to know to decide if he wants to take the risk anyway.
Joe probably won't risk it, until he REALLY wants the red ryder bb gun. Then joe takes a chance, and next time joe takes another chance and so on for years until joe ignores that prompt altogether because neither he nor anyone else he knows ever got hit with a man in the middle attack. That's Joe's choice and its none of our concern.
'Just curious... which side of the wide gap do you think the two things lie on?'
Currently, Firefox 3.0 displays the button and message claiming that self-signed sites are not legitimate.
I think simply not displaying the padlock would be a better option or better yet, a prompt of the sort I mentioned earlier.
'They provide trust that the entity you are talking to is the legal owner of the domain name listed in the cert. Any CA that doesn't guarantee that shouldn't be in the default CA lists of browsers (and Mozilla in particular requires that from the CAs it includes).'
Nonsense, you can go out an get a cert that is poorly or not at all verified today for about $15.
That actually wasn't the site I meant to link. But it has come out elsewhere that is a free as in beer CA trusted by mozilla browsers. Unfortunately, IE has not included them.
Self-signed certs do provide an encrypted connection, so they should provide an encryption indicator.
When you visit an unencrypted page in firefox for the first time, it brings up a notification telling you as much. This has a box to not show again that is selected by default.
A notification of this sort, with the same default indicating the page is encrypted but the other party had not been verified by a certification authority would be fine. It should have the same never show again box with a check mark.
Whether the encryption used is strong and secure is a technical matter that joe blow is not capable of determining. The website's identity not being verified is not a technical matter at all and Joe can make that informed choice on his own. The fact that we all know Joe is a moron and will probably make the wrong choice IS NOT a relevant factor, joe is an adult and free to be duped all day long if he sees fit.
There is a pretty wide gap between a "help get me out of here" button and a statement that says that no legitimate site would use a self signed cert and simply not displaying the lock icon on self-signed connections.
Although for someone who understands the issues, we know that the bar is low enough with authenticated certs that they don't provide trust either. Which means they are really only good for encryption without trust as well.
Either that or this means they have found a substance that readily decomposes to oxygen and also makes up a great part of the bulk in rocket fuel.
When combined with the previous discovery of water, this means there is air, water, and a ready source of power (the sun). Additionally the soil is very earthlike. This makes a martian colony extremely feasible and potentially useful.
The localized percolate also means not nearly as much fuel would need to be send for a return trip and there is a pretty fair chance that the other materials required to make the fuel will be present as well. For a colony this would mean things could be launched from the Martian surface.
You have been misinformed. In the world of theoretical security sniffing attacks are less common. In the real world any paper cert MCSE and tech savy high schooler knows how to sniff a wireless network with pre-written scripts as easily as they could once winnuke a windows 95 system. A script kiddie can not hijack DNS, it requires a bit of actual knowledge.
What I really want is for there to be no charge for encrypted connections and EVERY web connection to be encrypted in a fashion that assures that only I and the party I am communicating with can read the communication. If i can be sure that the machine I am communicating with is the machine I think it is then that would be a nice bonus.
As far as I am concerned there is no need for clear text surfing.
What kind of arrogant sob assumes he is the one who is superior and knows what choices the users should make?
'The connection is secure but the identity of the site has not been identified.'
Tells the user in non-technical terms what is occurring. The user has then been presented with all the information they need to make an intelligent choice. Assuming your choice for what the user should do is the more enlightened approach is arrogant and presumptive.
Yes, the vast majority of people are morons that doesn't justify babysitting them. They have the right to be morons and to do moronic things.
'So why does the firefox GUI make a site with a self-signed certificate appear (to the non-technical user) less secure than a plain HTTP site?'
It goes a step further. It presents two options, HELP GET ME OUT OF HERE and add to exceptions. Then if you try to add to exceptions it blatantly states in bold print that no legitimate site would ask you to do this. In other words, you are about to go to a scammer site, are you sure?
'How many less-than-savvy users are trained by their more geeky relatives to check for two things - the httpS and the little lock icon.'
That would be why he said not to put on a lock, just to continued as you would for an unencrypted connection with no notification (including padlock) at all.
'Insecure is less dangerous than encrypted untrusted.'
This is utterly ridiculous. For the handful of geek advised relatives there are MILLIONS who have no idea what the padlock is at all. A man in the middle attack is far more difficult than simply sniffing a connection.
'Getting "trust" established was one of the hardest thing for e-commerce to do.'
If they ever manage it, I'd like to know. Currently you can get a cert accepted in every major browser that claims you are a company you have no affiliation with.
768k blows 14.4k out of the water.
Works fine if you put the dish on top of the hill or above the trees.
'Sure but this discussion is about people on the move. Most people would not want to lug a satalite dish arround (only practical if travelling by road) and align it every time they need internet access. Not to mention the high subscription costs'
Okay ya got me. If she needed to edit her spreadsheets while visiting Inca ruins to which she traveled by a plane that didn't allow luggage, she'd be forced to fall back.
As for subscription fees they really aren't that bad and are on par with what dsl ran pretty much anywhere 5 years ago.
'I think you will find there are quite a lot of people from other countries here. Even if there weren't people do travel out of their home countries.'
I know, I just love getting a rise out of the cute lil critters.
I sometimes forget how anal slashdotters can be. I did not mean that literally nobody has used a 14.4k dial-up in over 10 years. I meant that VIRTUALLY nobody has used a 14.4k dial-up in 10 years. Places that can't be reached by satellite, phone line, or cellular coverage are not encountered by your average person anymore in fact they aren't encountered by many people at all, hence the lack of communication lines.
This may be news to you but the satellite internet to which I referred is available in small rural towns in Illinois just as surely as it is available in urban and suburban areas where nobody would want it.
I know it is because I lived in rural central Illinois and had a number of customers I serviced who had those lousy satellite internet connections.
The fact that you can get a connection that is that slow is no reason to use it. I feel bad enough for my customers that I have to convince to finally get rid of 56k.
If you are in the last mile there is a broadband option for you, it sucks, but its a hell of alot better than dial-up. There are a couple companies that will offer you a connection via small dish sat link and AFAIK you should be able to get coverage pretty much anywhere in the US.
As for the rest of the world, well for all intents and purposes they don't exist anyway. This is a US forum.
The point had nothing to do with openca and everything to do with the fact that the prompts presented by the browser outright told you the site was not legitimate because it had a self signed cert.
Thats very depressing my friend, very depressing. How could it possibly make more sense to work around the limitations of 14.4k than to use a sat link?
'I think you underestimate how much technical knowledge and understanding of the CA/certificate/SSL'
None. We can't guarantee you are sending the credit card information to who you think you are. Simple, not technical at all, and its no more complicated than that. Joe now knows all he needs to know to decide if he wants to take the risk anyway.
Joe probably won't risk it, until he REALLY wants the red ryder bb gun. Then joe takes a chance, and next time joe takes another chance and so on for years until joe ignores that prompt altogether because neither he nor anyone else he knows ever got hit with a man in the middle attack. That's Joe's choice and its none of our concern.
14.4k? At least use an example that someone has used this decade. 56k dial-up is extreme enough for an example of a slow connection.
'Just curious... which side of the wide gap do you think the two things lie on?'
Currently, Firefox 3.0 displays the button and message claiming that self-signed sites are not legitimate.
I think simply not displaying the padlock would be a better option or better yet, a prompt of the sort I mentioned earlier.
'They provide trust that the entity you are talking to is the legal owner of the domain name listed in the cert. Any CA that doesn't guarantee that shouldn't be in the default CA lists of browsers (and Mozilla in particular requires that from the CAs it includes).'
Nonsense, you can go out an get a cert that is poorly or not at all verified today for about $15.
That actually wasn't the site I meant to link. But it has come out elsewhere that is a free as in beer CA trusted by mozilla browsers. Unfortunately, IE has not included them.
Self-signed certs do provide an encrypted connection, so they should provide an encryption indicator.
When you visit an unencrypted page in firefox for the first time, it brings up a notification telling you as much. This has a box to not show again that is selected by default.
A notification of this sort, with the same default indicating the page is encrypted but the other party had not been verified by a certification authority would be fine. It should have the same never show again box with a check mark.
Whether the encryption used is strong and secure is a technical matter that joe blow is not capable of determining. The website's identity not being verified is not a technical matter at all and Joe can make that informed choice on his own. The fact that we all know Joe is a moron and will probably make the wrong choice IS NOT a relevant factor, joe is an adult and free to be duped all day long if he sees fit.
There is a pretty wide gap between a "help get me out of here" button and a statement that says that no legitimate site would use a self signed cert and simply not displaying the lock icon on self-signed connections.
Although for someone who understands the issues, we know that the bar is low enough with authenticated certs that they don't provide trust either. Which means they are really only good for encryption without trust as well.
you made a comparison to hitler or nazi's, apparently the discussion is over.
'I've got an original UK Harvest release of Pink Floyd's Dark Side of the Moon.'
And where would I find the bittorrented, EAC/FLAC backup of said disc so I can hold it for you to provide an offsite backup. Just in case ;)
The GP said 'I shine all my/my gf's/my family's silver jewelry and...'
Not just silverware.
actually as I understand it, the rockets use powdered aluminum and not an organic for their fuel.
That appropriate rating for a 2000th telling is redundant, not troll.
Either that or this means they have found a substance that readily decomposes to oxygen and also makes up a great part of the bulk in rocket fuel.
When combined with the previous discovery of water, this means there is air, water, and a ready source of power (the sun). Additionally the soil is very earthlike. This makes a martian colony extremely feasible and potentially useful.
The localized percolate also means not nearly as much fuel would need to be send for a return trip and there is a pretty fair chance that the other materials required to make the fuel will be present as well. For a colony this would mean things could be launched from the Martian surface.
It is a primary ingredient used in rocket fuel, as in the stuff that would be needed to send things back to earth if we ever went there.
Beyond that, no clue what they are getting at.
'Sniffing attacks are (AFAIK) rare.'
You have been misinformed. In the world of theoretical security sniffing attacks are less common. In the real world any paper cert MCSE and tech savy high schooler knows how to sniff a wireless network with pre-written scripts as easily as they could once winnuke a windows 95 system. A script kiddie can not hijack DNS, it requires a bit of actual knowledge.
What I really want is for there to be no charge for encrypted connections and EVERY web connection to be encrypted in a fashion that assures that only I and the party I am communicating with can read the communication. If i can be sure that the machine I am communicating with is the machine I think it is then that would be a nice bonus.
As far as I am concerned there is no need for clear text surfing.
What kind of arrogant sob assumes he is the one who is superior and knows what choices the users should make?
'The connection is secure but the identity of the site has not been identified.'
Tells the user in non-technical terms what is occurring. The user has then been presented with all the information they need to make an intelligent choice. Assuming your choice for what the user should do is the more enlightened approach is arrogant and presumptive.
Yes, the vast majority of people are morons that doesn't justify babysitting them. They have the right to be morons and to do moronic things.
'So why does the firefox GUI make a site with a self-signed certificate appear (to the non-technical user) less secure than a plain HTTP site?'
It goes a step further. It presents two options, HELP GET ME OUT OF HERE and add to exceptions. Then if you try to add to exceptions it blatantly states in bold print that no legitimate site would ask you to do this. In other words, you are about to go to a scammer site, are you sure?
'How many less-than-savvy users are trained by their more geeky relatives to check for two things - the httpS and the little lock icon.'
That would be why he said not to put on a lock, just to continued as you would for an unencrypted connection with no notification (including padlock) at all.
'Insecure is less dangerous than encrypted untrusted.'
This is utterly ridiculous. For the handful of geek advised relatives there are MILLIONS who have no idea what the padlock is at all. A man in the middle attack is far more difficult than simply sniffing a connection.
'Getting "trust" established was one of the hardest thing for e-commerce to do.'
If they ever manage it, I'd like to know. Currently you can get a cert accepted in every major browser that claims you are a company you have no affiliation with.