Ian Grigg wrote:
Too many words? OK, here's the short version
of why phising occurs:
"Browsers implement SSL+PKI and SSL+PKI is
secure so we don't need to worry about it."
PKI+SSL *is* the root cause of the problem. It's
just not the certificate level but the business and
architecture level. The *people* equation.
PKI+SSL does not _cause_ the problem, it merely fails to solve it. You
may as well blame HTTP - in fact, it would be fairer.
Cheers,
Ben.
--
>>>ApacheCon Europe<<< http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]