The real problem that https has conspicuously failed to fix

Jeffrey I. Schiller jis at mit.edu
Thu Jun 12 15:24:19 EDT 2003


Yep, I deployed such a PKI here at MIT back in 1996. Today every student 
and most faculty and staff have certificates.

It really does work, but unfortunately the support for them in the 
common browsers is quirky enough that we have our support fun! I can 
understand why commercial sites shy away.

I have also been involved in efforts to get U.S. Higher Education to 
start deploying client certificates. The big problem there is that 
public key encryption appears to require more than the amount of clue 
that most computer administrators seem to have, so education is a real 
problem.

		-Jeff

Nomen Nescio wrote:
> Jeffrey I. Schiller writes:
> 
> 
>>Oh, and btw, the form posting URL in my message wasn't even https, it 
>>was just http. So all the futzing in the world with https wouldn't help!
> 
> 
> Of course it would help.  Have you been following this discussion
> at all?  The idea is to eliminate passwords as being of any value in
> getting access to PayPal or other ecommerce sites, by replacing them
> with client certificates.  This implies using https or something
> cryptographically similar.
