On Wed, 28 Jan 2004, Douglas Koobs wrote:
> Eben King said:
> <snip>
> > Yes. IMO it's better not to use a certificate at all in this case, to
> > avoid the hassle and confusion of them clicking "OK".
>
> But then their ID, password, and all communications from the client to the
> server are plaintext.
Ah, so SSL -> certificate. Since https is more desirable than http, even
a self-signed certificate is better than none. OK.
> And, once the certificate is installed on the browser, they no longer
> get prompted to approve the certificate.
Some users are more paranoid, and don't accept the certificate for all
time, but just this once. USF OASIS asks me every time.
> I guess the only part that truly needs to be encrypted for my purposes is
> the password, since the emails to other domains are going to be sent clear
> text via SMTP over the Internet.
Getting that point across to Joe User is going to be difficult.
-- -eben ebQenW1@EtaRmpTabYayU.rIr.OcoPm home.tampabay.rr.com/hactarDrive nail here > < for new monitor.
----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:32:44 EDT