--
Perry E. Metzger wrote:
> It used to be that Verizon (my local phone company,
> sadly) had this general problem but you could click on
> "log in" and it would direct you to a secure page with
> a little error message and you could then enter your
> username and password. They've since "fixed" that so
> it is no longer possible to log in safely to their web
> site at all.The reason we cannot sell, nor profitably implement, usable and effective security is, as Ian Grigg says in "the market for silver bullets", that neither buyers nor sellers can tell the difference between security that works, and security that does not work, even though you and I can tell the difference. The most recent illustration of this is the reaction to the recent AACS content protection hack. <http://msmvps.com/blogs/chrisl/archive/2007/01/02/46398 0.aspx> Cyberlink says its DRM code is working fine, because it does what it designed to do - but unfortunately the design prevents legitimate purchasers from playing legitimately purchased content on legitimately purchased machines, and fails to prevent people from ripping the content and sharing it through bittorrent. Cyberlink's statement echoes the statement made by earlier by many on this list and related lists that PKI fulfills its specification just fine. The DRM people wanted something that could not be done, so unsurprisingly they winded up buying something that does not do it. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG LjC3cY1UO0v0xXean2TJqxn0Dh1vSubg/F00KDsX 48fF+ZilNMNu1rtIcc2XhJ0zksmqpjzsHEJz9pGDj --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
