Saturday, January 24, 2009

SSL is out of control

I'm really excited about SSLFail which was put together by Martin from tssci-security.com and Tyler Reguly. I've been working with SSL and certs quite a bit recently, the whole thing has me up in arms. So many sites have SSL errors and on top of that, the browsers handle these errors differently! This is a good way to start focusing more attention on the matter.

As we'll probably see with feedback on this site or others, the first major issue will be addressing comments such as "Well why is that warning message even a big deal?" And that's part of the problem in itself. Users are presented with numerous warning messages is a variety of forms. Its difficult to figure out what you should be concerned about.

Consider this for a moment, what if you immediately stopped using a website at the first SSL warning message you received. How many sites could you actually use? Could you use your bank's website?

-Michael Coates