On 06/16/2016 11:50 AM, Walter H. wrote:> technically there is more: not the user needs to check the dates a SSL > certificate is valid; > > just compare it with real life: which salesman would you trust more - > the one that gets a new car every few years, which has the same > advertisings on it and maybe has the same color, or the other one that > gets nearly every month a new car, which looks totally different, > other color and other advertisings on it? (and its not a car dealer)Your metaphor is extremely strained, and completely unnecessary. It doesn't relate to the reality of certificates in any way. Without using a metaphor, please explain exactly who you think will not trust these certs, because I have never met these people.
On 16.06.2016 22:02, Gordon Messmer wrote:> Without using a metaphor, please explain exactly who you think will > not trust these certs, because I have never met these people.then you know now, that there exist such people ... at least the folks where their security software (antivirus, whatever) tells them a problem ...
On 06/16/2016 10:50 PM, Walter H. wrote:> On 16.06.2016 22:02, Gordon Messmer wrote: >> Without using a metaphor, please explain exactly who you think will >> not trust these certs, because I have never met these people. > then you know now, that there exist such people ...Well, one, but I'm hardly going to tailor my security infrastructure to one customer.> at least the folks where their security software (antivirus, whatever) > tells them a problem ...And what security software would report a problem with these certificates? (bearing in mind that ~ 30% of all TLS transactions involve a 90-day certificate, according to telemetry)