Ian G wrote:
But don't get me wrong - I am not saying that we should
carry out a world wide pogrom on SSL/PKI. What I am
saying is that once we accept that listening right now
is not an issue - not a threat that is being actively
dedended against - this allows us the wiggle room to
deploy that infrastructure against phishing.
Does that make sense?
No, not really. Until you can show me an Internet Draft for a solution
to phishing that requires that we give up SSL, I don't see any reason to
do so. As a consumer, I'd be very reluctant to give up SSL for credit
card transactions because I use it all the time and it makes me feel safer.
What matters is now: what attacks are happening
now. Does phishing exist, and does it take a lot of
money? What can we do about it?
If you don't know what we can do about phishing, why do you think that
getting rid of SSL is a necessary first step? You seem to be putting the
cart in front of the horse.
--
Give a man a fire and he's warm for a day, but set | Tom Weinstein
him on fire and he's warm for the rest of his life.| [EMAIL PROTECTED]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
