[LINK] Trustworthiness of Declarations of Untrustworthiness

Roger Clarke Roger.Clarke at xamax.com.au
Mon Nov 14 10:20:47 AEDT 2011

I bank with the NAB.  Their Internet Banking works okay-ish.

This morning I did it the usual way - typing nab.com.au into my browser-window.

But it did something different today.

It said"
>Safari can't verify the identity of the website "wwww.nab.com.au"

When I had a peek at the details, I found that you can't copy and 
paste the contents.  Another brilliant piece of programming, that is.

It says (typing errors possible):

Issued by: VeriSign Class 3 Extended Validation SSL SGC CA
Expires: Thursday, 19 January 2012 1:59&:ss z
[The & is actually one of those odd marks I don't know much about - 
like a capital 'S' the morning after, when you can't focus properly]

But the clincher is, in red:
This certificate was signed by an unknown authority.

The message didn't crop up in Firefox.

I came back later using Safari, and it didn't appear the second time.

So is a mug punter meant to trust the declaration of 
untrustworthiness that was provided by Safari?

Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list