Security snake oil
To me, SSL security certificates have always seemed particularly stupid usability-wise. As I understand it, the system works like this:
- Alice trusts Fred.
- Fred trusts Bob.
- Bob gets a certificate of trustworthiness from Fred.
- When Alice visits Bob’s page, Bob shows Alice his certificate to demonstrate his trustworthiness.
The problems with this system are as follows:
- Alice doesn’t really trust Fred.
- Fred doesn’t really trust Bob.
- Getting a certificate is too hard, so Bob doesn’t bother.
- When Bob shows Alice his certificate, Alice isn’t paying attention.
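
The trust chain from the first list, sketched as an added example (not code from the original post): Fred signs a statement binding Bob's name to Bob's key, and Alice's software, rather than Alice herself, checks it against the issuers she already trusts. The function names, host names and the extra party Mallory are assumptions made for illustration, and the JSON "certificate" is a simplified stand-in for X.509.

```javascript
// Added illustration; issueCert, checkCert and all hosts are constructed names.
const crypto = require('node:crypto');

// Fred (the CA) binds a subject name to a public key by signing both.
function issueCert(issuerName, issuerPrivateKey, subject, subjectPublicKey) {
  const body = JSON.stringify({
    issuer: issuerName,
    subject,
    key: subjectPublicKey.export({ type: 'spki', format: 'pem' }),
  });
  // Ed25519 takes no separate digest algorithm, hence the null.
  const sig = crypto.sign(null, Buffer.from(body), issuerPrivateKey);
  return { body, sig: sig.toString('base64') };
}

// Alice's software: accept only if an issuer she already trusts signed this
// exact body and the body names the host she meant to visit.
function checkCert(cert, trustStore, expectedHost) {
  const { issuer, subject } = JSON.parse(cert.body);
  const issuerKey = trustStore.get(issuer);
  if (!issuerKey) return 'untrusted issuer';
  const sig = Buffer.from(cert.sig, 'base64');
  if (!crypto.verify(null, Buffer.from(cert.body), issuerKey, sig)) {
    return 'bad signature';
  }
  if (subject !== expectedHost) return 'name mismatch';
  return 'ok';
}

function demo() {
  const fred = crypto.generateKeyPairSync('ed25519');
  const bob = crypto.generateKeyPairSync('ed25519');
  const mallory = crypto.generateKeyPairSync('ed25519'); // not in Alice's store
  const trustStore = new Map([['Fred', fred.publicKey]]); // "Alice trusts Fred"

  const good = issueCert('Fred', fred.privateKey, 'bob.example', bob.publicKey);
  const selfMade = issueCert('Mallory', mallory.privateKey, 'bob.example', mallory.publicKey);
  const forged = issueCert('Fred', mallory.privateKey, 'bob.example', mallory.publicKey);
  const tampered = { body: good.body.replace('bob.example', 'bank.example'), sig: good.sig };

  return {
    good: checkCert(good, trustStore, 'bob.example'),
    selfMade: checkCert(selfMade, trustStore, 'bob.example'),
    forged: checkCert(forged, trustStore, 'bob.example'),
    tampered: checkCert(tampered, trustStore, 'bank.example'),
    wrongHost: checkCert(good, trustStore, 'bank.example'),
  };
}
```

Every rejection here is decided by code before any page is shown, so the outcome does not depend on Alice noticing a warning.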