Comments on: Verisign FAIL – We are all doomed http://www.sslfail.com/2009/01/verisign-fail-we-are-all-doomed/ 1.2.840.113549.1.1 Thu, 01 Jul 2010 03:13:58 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Michael Coates http://www.sslfail.com/2009/01/verisign-fail-we-are-all-doomed/comment-page-1/#comment-16 Michael Coates Sat, 17 Jan 2009 14:12:13 +0000 http://www.sslfail.com/?p=125#comment-16 The reason this is a fail is because the user was presented with an error message at all. Michael J is correct, the two A records point to the same IP address and its not a big deal. However, by presenting an error message at all we are training the public users to ignore the error message and continue browsing. If they see any other error messages in the future, they'll be tempted to ignore those as well (and those ssl error messages could be much worse). If you are using SSL for a site, then there should never be any SSL error warnings presented to the user. > 0 = fail -Michael Coates The reason this is a fail is because the user was presented with an error message at all. Michael J is correct, the two A records point to the same IP address and its not a big deal.

However, by presenting an error message at all we are training the public users to ignore the error message and continue browsing. If they see any other error messages in the future, they’ll be tempted to ignore those as well (and those ssl error messages could be much worse).

If you are using SSL for a site, then there should never be any SSL error warnings presented to the user. > 0 = fail

-Michael Coates

]]> By: Michael Janke http://www.sslfail.com/2009/01/verisign-fail-we-are-all-doomed/comment-page-1/#comment-9 Michael Janke Wed, 14 Jan 2009 04:20:45 +0000 http://www.sslfail.com/?p=125#comment-9 How is this a fail? It's obviously just a case where two A records point to the same IP address. No big deal, really. How is this a fail? It’s obviously just a case where two A records point to the same IP address.

No big deal, really.

]]>