Behalf Of Bill Manning
steve bellovin and jck have very good advice.
my question... what happens when you use address literals in
the URL;
i.e.
http(s)://192.02.80/index.php
You end up checking code paths that it is very unlikely many browser
authors checked.
You can actually buy certs that bind to the IP address, the only point
being to turn on encryption.
Unfortunately the padlock icon user interface fails at this point. It
actually means 'communication is encrypted', it is interpreted (entirely
reasonably) by the user as 'I am secure'.
Perhaps if we spent some time training programmers to write user
interfaces they would spend less time talking about training users to
navigate their creations.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf