--- "James A. Donald" <[EMAIL PROTECTED]> wrote:
> Attached is a spam mail that constitutes an attack on paypal similar
> in effect and method to man in the middle.
>
> The bottom line is that https just is not working. It's broken.

I disagree. That attack is more akin to a "Hi, I'm calling from {insert bank here} and we need your CC info to update your file." That doesn't mean credit cards [nor your bank] are flawed. It means you're an idiot for giving out the information.

Note that this "attack" doesn't actually exploit the automated side of things. It doesn't learn the secret key [password] nor does it decrypt packets [via https]. The attack is based on you giving out the secrets, and alas, no crypto can really stop that [unless you stop letting the users have the secrets].

So your "conclusions" are a bit off.

Tom

---------------------------------------------------------------------
The Cryptography Mailing List