nationwide interception of Facebook & webmail logincredentials in Tunisia

Brian Morrison bdm at
Mon Feb 7 10:43:01 GMT 2011

On Sun, 6 Feb 2011 19:25:52 +0000
Ian Batten <igb at> wrote:

> You and I know the difference between trusting a certificate and  
> trusting anything signed by that certificate, but most people
> don't. Encouraging end users to manipulate their certificate store is
> not likely to be a happy story.

Can anyone think of a way to make this work on a grand scale for people
that are not clued up on what certificates are, what they can do, what
they are often used for and why they are necessary?

I find that most people I speak to in the pub struggle to understand
much of this at all, they can just about grasp that they should be
looking for a padlock symbol when they are banking or shopping online
but try to delve any deeper into their knowledge and one gets a blank

Essentially, all the institutions in our lives that once we trusted
because we didn't know enough about them to be able to see where the
holes were have now become well known enough that we are aware that
much they do is not properly overseen and that often they do not have
our interests at heart. And even if they do something wrongly and we
suffer financial impact because of that, then our chances of redress as
an individual are negligible.

Not the foundation for much trust at all I'd say.


Brian Morrison

More information about the ukcrypto mailing list