RE: Stopping loss of transparency...

["Hallam-Baker, Phillip" <pbaker at verisign.com>]

> Behalf Of Bill Manning

> steve bellovin and jck have very good advice.
> 
> my question...  what happens when you use address literals in 
> the URL; 
> i.e.
> 
> http(s)://192.02.80/index.php

You end up checking code paths that it is very unlikely many browser
authors checked.

You can actually buy certs that bind to the IP address, the only point
being to turn on encryption.

Unfortunately the padlock icon user interface fails at this point. It
actually means 'communication is encrypted', it is interpreted (entirely
reasonably) by the user as 'I am secure'.

Perhaps if we spent some time training programmers to write user
interfaces they would spend less time talking about training users to
navigate their creations.

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf