Only if you are encrypting to the correct party, and not to a thief. This is why we have CAs and trust.
Ian made a point of this about a Gold company using a self signed certificate and not having a problem. At this current point in time if I were a thief, there are numerous ways of getting information out of people for not much more then the cost of a pen. So is all the fuss about security so over rated to the point that people resort to using unencrypted emails, and unencrypted websites just because security is too costly or too difficult? I'd say yes, the first site (say google for example) their browser will tell the user about entering information into unencrypted websites, the user will dismiss that dialog box because they are only doing a simple search (by default it won't come back). Later on they go to Orkut, which has made news lately about social networking and all that sort of thing. It collects potentially a ton of personal information about it's users, yet none of this is deemed worthy of encryption, not event he login. Security in the here and now is out of hand, and out of grasp of most people so much so they risk personal details by not using it.
http://theregister.co.uk/content/archive/30324.html (April last year)
Couple of choice quotes...
"Nine in ten (90 per cent) of office workers at London's Waterloo Station gave away their computer password for a cheap pen, compared with 65 per cent last year."
And this article
http://theregister.co.uk/content/55/35393.html
"A third of employees quizzed write their computer passwords down to help them remember and one in ten keeps them on a Post-It note on their desk. More than half (55 per cent) of those quizzed base their passwords on people's names, making them far easier to guess."
-- Best regards, Duane
http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
