--
On 8 Jun 2003 at 20:00, Anne & Lynn Wheeler wrote:
> that is why we coined the term merchant "comfort"
> certificates some time ago. my wife and I having done early
> work for payment gateway with small client/server startup in
> menlo park ... that had this thing called SSL/HTTPS ... and
> then having to perform due diligence on the major issuers of
> certificates .... we recognized 1) vulnerabilities in the
> certificate process and 2) information hiding of transaction
> in flight only addressed a very small portion of the
> vulnerabilities and exploits.

https is like a strong fortress wall that only goes half way
around the fortress.

The most expensive and inconvenient part of https, getting
certificates from verisign, is fairly useless.

The useful part of https is that it has stopped password
sniffing from networks, but the PKI part, where the server, but
not the client, is supposedly authenticated, does not do much
good. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     9ZQw+0/xh1y28CkGulSQSVxewfy71qzXGHI8KJbN
     4osBv1veq07jaMVh2zVetZVKqIRfQjiwJaKu99GqM


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to