[ih] Funny how things work out
cabo at tzi.org
Mon Feb 1 13:43:25 PST 2021
On 2021-02-01, at 22:20, Dave Crocker <dhc at dcrocker.net> wrote:
> On 2/1/2021 1:06 PM, Carsten Bormann via Internet-history wrote:
>> Users are supposed to look at their browsers’ address lines and verify that they are talking to the right site before they give up their credit card numbers, passwords etc. Browsers have started supporting this by hiding any other part of the URI to various levels (greying out, completely hiding).
> Except, of course, that expectation on end-user behavior has been solidly demonstrated to be inappropriate.
Of course! I thought that was obvious to anyone skilled in the art :-)
This doesn’t change the fact that the entirety of Web security is built on this shaky foundation. Any evolution of DNS needs to be aware of this and avoid making things even more insecure.
More information about the Internet-history