[SSL Observatory] Non-boolean trust

Matt McCutchen matt at mattmccutchen.net
Wed Mar 23 07:52:13 PDT 2011

Previous message: [SSL Observatory] SSL CA compromise in the wild
Next message: [SSL Observatory] SSL CA compromise in the wild
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2011-03-22 at 22:17 -0700, Jacob Appelbaum wrote:
> It seems timely to discuss a new metric for trust that is not a simple
> boolean.

That is really easy to say and really hard to do usefully.  If some
script on an important site makes an XMLHttpRequest to
https://www.example.com and the connection comes up as half trusted,
what do you do?

-- 
Matt

Previous message: [SSL Observatory] SSL CA compromise in the wild
Next message: [SSL Observatory] SSL CA compromise in the wild
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Observatory mailing list