On 6 Dec 2000, Dave Paris wrote:
> While I can appreciate the "why do we have to pay these mooks?!"
> attitude, the reasoning is rather more straightforward.
>
> It seems those making the silly** (imho) arguments have forgotten the
> entire reason for a "trusted third party" (in this case, the CA). User
> U heads over to site S and wishes to conduct a transaction, except U has
> never dealt with S, nor does U have the time to do background checks on
> S to significantly reduce the risk that S may actually be a fraudulent
> front end for a questionable organization. Note that I'm not saying
> this completely mitigates the risk, as it certainly does not. However
> it does go quite some ways to reducing the risk.
Oh balderdash, Dave. Try to locate an archive of sci.crypt discussions
going back to about 1995. And I'm actually not a cynic - it was a good
business idea, but that doesn't change the fact that the "security" it
offers is pie in the sky.
Ta Ta for now,
James Moore
<< snip, snip >>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
