Ian G wrote:

But don't get me wrong - I am not saying that we should
carry out a world wide pogrom on SSL/PKI.  What I am
saying is that once we accept that listening right now
is not an issue - not a threat that is being actively
dedended against - this allows us the wiggle room to
deploy that infrastructure against phishing.

Does that make sense?
No, not really. Until you can show me an Internet Draft for a solution to phishing that requires that we give up SSL, I don't see any reason to do so. As a consumer, I'd be very reluctant to give up SSL for credit card transactions because I use it all the time and it makes me feel safer.

What matters is now:  what attacks are happening
now.  Does phishing exist, and does it take a lot of
money?  What can we do about it?
If you don't know what we can do about phishing, why do you think that getting rid of SSL is a necessary first step? You seem to be putting the cart in front of the horse.

Give a man a fire and he's warm for a day, but set | Tom Weinstein
him on fire and he's warm for the rest of his life.| [EMAIL PROTECTED]

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to