> I keep posting "you cannot do this using https", and people keep > replying "yes you can"
I think there's two separate problems here. One is domain squatting. I've seen lots of phishes from domains like paypal-confirm.com (which is registered to someone in Pakistan.) It is truly pitiful that with all of the anti-squatting nonsense involved with ICANN and their UDRP, and despite the cases cases we've read about with trademark owners suing everyone who registers "bigcorp-sucks.com", people still register deliberately confusing domain names in bad faith for fraudulent purposes and get away with it. The other issue, as someone else noted, is that html, like just about everything else on the net, wasn't designed to be secure and unless you're going to go reading the source code of every form you use, you can't tell where your information is going. I can't see that either of those issues can be addressed by cryptography. Crypto lets someone say "Hi! I absolutely definitely have a name somewhat like the name of a large familiar organization, and I'd like to steal your data!" and lots of users will say "OK, fine, whatever." -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 330 5711 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
