There are SO MANY flaws in the message to which I'm replying that I scarcely know where to begin. In this message, I'm going to address just one, one that contains a false accusation.
Ian Grigg wrote:
> Your scenario will allow us to calculate how the risk of MITM affects our decisions. So, taking your numbers
Not my numbers.
> without question, if there are thousands of users being hit by MITM, and there are, say $200 of losses every time they are hit, let's call that 200 x 5000 per year, then we get total losses of $1 million.
> Now, if the total cost of protecting these people is CA signed certs for all merchants, the current situation, then we look at that cost and compare.
> There are 43,430 valid certs out there. Assume an approximate cost (including time) of $1000 per cert. Cost to protect against the MITM: 43 million dollars.
> So, I conclude, using your numbers, that it is not worth it.
None of the numbers in the text quoted above came from me. I doubt most of them are even approximately correct.
