James A. Donald wrote:
SSL works in practice; X509 with CA certs does not work in practice. People have been bullied into using it by their browsers, but it does not give the protection intended, because people do what is necessary to avoid being nagged by browsers, not what is necessary to be secure.
Indeed so - however, if Google makes it "just work" then there will be a large swathe of people out there wondering "what does this 'DIGITAL SIGNATURE' button do in Gmail?" plus a smaller subset who have Google Talk and can perform secure e2e VoIP using x509 certs that they don't even know they have. It's not ideal, but it's not a bad thing either - a little more security, using a known method, without any individual user having to know or care how it works (and let's face facts here, no solution that requires an end user to get his finger out and do something without being forced to, no matter how trivial the task is, ever had a decent update).

