In <[EMAIL PROTECTED]>, on 06/23/00 at 09:40 PM, lcs Mixmaster Remailer <[EMAIL PROTECTED]> said: >Since the main purpose for "secure" access is submitting forms, browsers >should be enhanced to show the security status of the FORM rather than >the PAGE. Unfortunately it will take years for this to occur. Until >then we really have no way of knowing whether a given form submission >will be secure, short of studying the page source of every form we >submit. For the most part the purpose of "secure" access is to give the end user warm fuzzies (and for Verisign to sell more certs). The primary risk of data loss has never been via interception over the communication link (a risk yes but not the primary one). The primary risk is data loss at the collection site. The methods for the loss can vary from outright theft of the data at the server by hackers to misuse of the data by those collecting it. Unfortunately no one wants to even talk about these risks let alone address them (no money making quick fix or easy 15 sec political soundbite). -- --------------------------------------------------------------- William H. Geiger III http://www.openpgp.net Geiger Consulting Data Security & Cryptology Consulting Programming, Networking, Analysis PGP for OS/2: http://www.openpgp.net/pgp.html E-Secure: http://www.openpgp.net/esecure.html ---------------------------------------------------------------
