On Sep 9, 2013, at 5:51 PM, Arturo Servin <arturo.servin@xxxxxxxxx> wrote: > Because normally with SSL and SSH the complexity is in the server, > not the client. When the client needs to verify the identity of some > site with SSL we have the background browser process to check it (that > in fact it is another weakness in the model). The UI complexity is in the server for TLS, but not for SSH. And indeed the way TLS most typically fails is that the UI in many cases fails to communicate the right information to the user, and fails to do what the user would need in order to fully protect them. That said, it is still a very successful protocol, and delivers a lot of value despite its various UI issues.