I'm sorry for not answering for a long time. Though I still don't know if I will be able to reply faster in the future.
shubla wrote:You probably know what I mean.
I'm sure I don't know, else I wouldn't be wondering. I may guess it at best, but that's not a good way for discussion, I think.
shubla wrote:If certificate is "trusted" you get green lock and this. But if it's not, you'll get a warning
Trusted by whom? Again, if the viewing person can't discern who is trustable and who is not, they as well can't discern whether such a middleman is outwitting them.
shubla wrote:that may make it difficult to enter the site especially for a slightly computer-illiterate person.
That's literally opinion-based discrimination. It can avert people from quite normal sites.
shubla wrote:Yes it's not foolproof. Certificates can be stolen etc. but it's very rare, you don't see it often.
Main point, I think, is that it's not... can't find a better word... "dictatorproof", or "authoritarianism-proof".
I literally have a "certificate error" warning on this forum, that expands to, among other phrases, "we recommend to close this page". How would a less computer-literate person know that this "recommendation" is a misleading act of discrimination by people he chose to trust?
shubla wrote:And yes, user is often the biggest problem for sure, but if we think about ways to prevent this precise method of attack, the current CA system (the general way trust works in https connections) works quite well to prevent it.
It is enough to get the user to verify that the URL is their bank's URL and that there is the green lock, and that pretty much deals with various possible attacks.
I think the user, at most, is a problem to himself, and then no other person has a right to call him "a problem". If the user is aggressive, then the aggressiveness is a problem, not the illiteracy. And if somebody would punish you for not satisfying a user enough, it's the punisher who is a problem, not the user.
Regarding attacks, well, prevention of some kinds of threats by means of creating others... it's hard for me to call this security.
shubla wrote:Agrik wrote:shubla wrote:For an average user this is the best system.
Average among whom?
Among all the people? Pick a random person from the street, to him it's probably a good or best system out of all available options.
So we return to the question why there should be only one system tailored to the averagest person. Try to apply this principle to other spheres to see its downside.
shubla wrote:But that would still bring little to no gain for most people.
Did you mean "little to no immediate, direct and totally obvious personal gain for most people"? There can be many indirect benefits even if they directly affect only a small but useful part of society.