The real problem that https has conspicuously failed to fix

James A. Donald jamesd at echeque.com
Sun Jun 8 16:43:05 EDT 2003 

I keep posting "you cannot do this using https", and people keep replying "yes you can"

No you cannot, cause if you could, paypal, e-gold, e-bay, and the rest would not be suffering from the problem illustrated by scam mails such as the following

(When you hit the submit button, guess what happens)

        
     
     
      Dear PayPal Customer 


      This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.

      The inactive customers are subject to restriction and removal in the next 3 months.

      Please confirm your email address and Credit or Check Card information using the form below:
     


            Email Address:
            
            Password:
            
            First Name:
            
            Last Name:
            
            ZIP:
             
            Credit or Check Card #:
            
            Expiration Date:
            Month 01 02 03 04 05 06 07 08 09 10 11 12  /   Year 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012  
            ATM PIN:
            

       

      Information transmitted using 128bit SSL encryption. 

        
     
      Thanks for using PayPal! 
     
     
      This PayPal notification was sent to this email address because you are a Web Accept user and chose to receive the PayPal Periodical newsletter and Product Updates. To modify your notification preferences, go to https://www.paypal.com/PREFS-NOTI and log in to your account. Changes may take several days to be reflected in our mailings. Replies to this email will not be processed.  

      Copyright© 2003 PayPal Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners.  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20030608/c56de89f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: paypal_logo.gif
Type: image/gif
Size: 902 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20030608/c56de89f/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pixel.gif
Type: image/gif
Size: 43 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20030608/c56de89f/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dot_row_long.gif
Type: image/gif
Size: 153 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20030608/c56de89f/attachment-0002.gif>

More information about the cryptography mailing list