--- "James A. Donald" <[EMAIL PROTECTED]> wrote:
> Attached is a spam mail that constitutes an attack on paypal similar 
> in effect and method to man in the middle.
> The bottom line is that https just is not working.  Its broken.

I disagree.  That attack is more akin to a "Hi, I'm calling from
{insert bank here} and we need your CC info to update your file."

That doesn't mean credit cards [nor your bank] are flawed.  It means
you're an idiot for giving out the information.

Note that this "attack" doesn't actually exploit the automated side of
things.  It doesn't learn the secret key [password] nor does it decrypt
packets [via https].  The attack is based on you giving out the
secrets, and alas, no crypto can really stop that [unless you stop
letting the users have the secrets].

So your "conclusions" are a bit off.


Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to