CFP: PKI research workshop

Eric Rescorla ekr at rtfm.com
Mon Jan 14 18:44:40 EST 2002


Carl Ellison <cme at jf.intel.com> writes:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> At 02:47 PM 1/14/2002 -0800, Eric Rescorla wrote:
> >>  Meanwhile, the information that the user
> >> really looks at to make a security decision (the Palm logo and the
> >> little padlock) aren't related at all.
> >No possible security system can protect people who trust
> >whatever logo happens to be transmitted to them in web pages.
>
> That is certainly true today, but that is precisely how users decide
> whether or not to give up their credit card numbers or more
> sensitive information.  It's a good thing that the user is absolved
> of liability in case the credit card is stolen.  I disagree that
> it's not possible to secure logos.  It's a MMOP (mere matter of
> programming). :)

I didn't say that it wasn't possible to secure logos. I said that
you couldn't protect people who trusted logos that were transmitted
to them in Web pages. This is not the same thing. The point is
that such logos are transmitted in-band and are part of the web
page. Therefore, they are not cryptographically verified.

-Ekr


-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



