CFP: PKI research workshop
Carl Ellison
cme at acm.org
Sat Jan 12 13:49:18 EST 2002
At 05:45 PM 12/26/2001 -0500, Perry E. Metzger wrote:
>
>
>"Phillip Hallam-Baker" <hallam at ai.mit.edu> writes:
>> Methinks you complain too much.
>>
>> PKI is in widespread use, it is just not that noticeable when you
>> use it. This is how it should be. SSL is widely used to secure
>> internet payment transactions.
>
>HTTPS SSL does not use PKI. SSL at best has this weird system in
>which Verisign has somehow managed to charge web sites a toll for
>the use of SSL even though for the most part the certificates assure
>the users of nothing whatsoever. (If you don't believe me about the
>assurance
>levels, read a Verisign cert practice statement sometime.)
If that's not good enough for you, go to https://store.palm.com/
where you have an SSL secured page. SSL prevents a man in the middle
attack, right? This means your credit card info goes to Palm
Computing, right? Check the certificate.
+------------------------------------------------------------------+
|Carl M. Ellison cme at acm.org http://world.std.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list