Hi
"Mel Evans, Registered Arachne User" <[EMAIL PROTECTED]> wrote:
MU> In actual fact, you are probably relying on "Chase-Manhattan" or "Bank
MU> of Scotland" certifying they will not do anything naughty on such a
MU> site, or that they will refund anything that IS naughtily done rather
MU> than a real security set-up.
SSL only encrypts the data which is sent.
What the recipient does with it, is can't be supervised by SSL.
MU> The main problem is that I could set up a site that looks as if I could
MU> be
MU> a multi-million dollar company, when in reality I have a corner of a
MU> shack in a junkyard somewhere, and total assets of a couple of hundred
MU> dollars. How would you know from the website?
Generally you can't, because you need to get certified.
Ie. your key gets signed by a known Certification Authority. (eg VeriSign)
If it is not signed, than the browser tells you immediately, that this site is
NOT trusted !
MU> Regards
MU> Mel
CU, Ricsi
PS: Michael if you implement SSL, you could also add S/MIME.
(this is SSL for emails ;))
--
Richard Menedetter <[EMAIL PROTECTED]> [ICQ: 7659421] {RSA-PGP Key avail.}
-=> Don't look a gift horse in the mouth <=-
