1. 2
  1.  

  2. 3

    I appear to be hitting an ssl exception on this URL. Something about the certificate issuer being unknown.

    1. 6

      @tedu hasn’t gotten to the book about CA infrastructure yet

      1. 2

        Lol. Oh he has. @tedu went further to launch a small-scale experiment on the psychological effects of highly-technical users encountering SSL problems on the homepage of someone they expect understands security. Aside from personal amusement, he probably focused on categorizing them from how many ignore them to quick suggestions to in-depth arguments. He follows up with a sub-study on the quality of those arguments mining them for things that will appeal to the masses. He’ll then extrapolate the patterns he finds to discussions in tech forums in general. He’ll then submit the results to Security and Online Behavior 2018.

        Every tedu story on Lobsters having a complaint about this is the fun part of the study for him. A break from all the tedium of cataloging and analyzing the responses. On that, how about a Joker Meme: “If a random site by careless admins generates CA errors, then the IT pros think that’s all part of the plan. Let one security-conscious admin have his own CA and then everybody loses their minds!”

        1. 2

          Not far from the truth.

          1. 2

            He’ll pay the $$$ and jump through hoops for DNS; but, the CA system— the line is drawn here!

            1. 2

              Well, domain names are scarce in a way that RSA keys aren’t, and have unevenly distributed value. My domain name was not randomly generated. :)

              1. 1

                    tedunangst.com name server ns-434.awsdns-54.com.
                    tedunangst.com name server ns-607.awsdns-11.net.
                    tedunangst.com name server ns-1775.awsdns-29.co.uk.
                    tedunangst.com name server ns-1312.awsdns-36.org.

                Did you ask for people to add your nameservers to their resolver roots?

                Domain names and RSA keys are equally scarce. It’s all protection money, for root servers and for root CAs.

            2. [Comment removed by author]

              1. 6

                This comment is totally unsupported by data. The Chrome team in particular has done a ton of research which has improved error adherence: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43265.pdf in particular, but there are others as well.

                The past few years have featured the greatest improvement in both the quality and quantity of HTTPS on the web since TLS was introduced, and it’s been supported by careful research on both the crypto side and the UX side.

                1. 3

                  Huh? The situation was much worse: browsers just displayed an OK/Cancel dialog and most users just clicked OK. Today it’s harder for users to click OK, and this single change of UI made many more users secure against MiTM attacks. I don’t have links handy, but those Chrome and Firefox “assholes” did a lot of research regarding this, and made browsing more secure for the majority of non-technical people.

                  1. 2

                    At the same time, I think they’ve made it harder for technical users to make informed decisions.

                    1. 1

                      True.

                      1. 1

                        How is that not a win? ;-)