-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Several thoughts: 1) This issue is not new, it was presented several times in few places (e.g: Schneier's book, "Secrets and Lies"), and the main advice here is not to trust that little lock icon, but to manually verify that the certificate's correlation to the supposebly secure site. 2) Tested under IE 6.0.2600 under Win 98 (Hebrew enabled if it matters), there was no warning. 3) I believe MS's claim that cryptography is the cause of delay is false.The cryptography there works good. There is nothing wrong with verifing the certificate, the problem is with verifying that the certificate matches the site. It is like having a problem with your car's A/C, and having the repairman saying "This problem is hard to fix, because you have a very complex 4x4 driving system in this car". It is just not related, as far as i can see. And that's about it. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPCoKue6B0r4ZZEp/EQIh+wCeOLtZXc1/chlGVFIpPOkjq74enncAnjGA OC6SsDAlHQN64wT3pK/66UDU =1ka7 -----END PGP SIGNATURE-----
