Who's afraid of Mallory Wolf?

Ed Gerck egerck at nma.com
Tue Mar 25 14:38:31 EST 2003



Jeroen van Gelderen wrote:

> 3. A significant portion of the 99% could benefit from
>     protection against eavesdropping but has no need for
>     MITM protection. (This is a priori a truth, or the
>     traffic would be secured with SSL today or not exist.)

Let me sum up my earlier comments: Protection against
eavesdropping without MITM protection is not protection
against eavesdropping.

In addition, when you talk about HTTPS traffic (1%) vs.
HTTP traffic (99%) on the Internet you are not talking
about user's choices -- where the user is the party at risk
in terms of their credit card number. You're talking about
web-admins failing to protect third-party information they
request. Current D&O liability laws, making the officers
of a corporation personally responsible for such irresponsible
behavior, will probably help correct this much more efficiently
than just a few of us decrying it.

My personal view is that ALL traffic SHOULD be encrypted,
MITM protected, and authenticated, with the possibility of
anonymous authentication if so desired. Of course, this is
not practical today -- yet. But we're working to get there.
BTW, a source once told me that about 5% of all email traffic
is encrypted. So, your 1% figure is also just a part of the picture.

Cheers --/Ed Gerck
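
An added illustration, not part of the original post, of why key agreement without authentication stops only a passive listener, and how checking the server's public value against a fingerprint learned out of band closes the gap. The toy group, the XOR keystream, the `exchange` helper and the sample secret are all assumptions constructed for this example.

```python
import hashlib
import secrets

P = 2**127 - 1   # toy prime (Mersenne M127); far too small for real use
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Diffie-Hellman shared value, hashed into a 32-byte key.
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def xor_stream(key, data):
    # Toy cipher for the demo only: SHA-256 in counter mode XORed with data.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def exchange(relay_substitutes, client_pins_server):
    """Return (plaintext the relay recovers or None, client accepted session)."""
    c_priv, c_pub = keypair()           # client
    s_priv, s_pub = keypair()           # server
    m_priv, m_pub = keypair()           # party in the middle of the path
    pinned = fingerprint(s_pub)         # assumption: learned out of band
    # A passive listener forwards s_pub; an active one swaps in its own value.
    seen_by_client = m_pub if relay_substitutes else s_pub
    if client_pins_server and fingerprint(seen_by_client) != pinned:
        return None, False              # substitution detected, nothing sent
    secret = b"card=4111-1111-1111-1111"  # constructed test value
    wire = xor_stream(session_key(c_priv, seen_by_client), secret)
    # The middle party holds only c_pub, the ciphertext and its own m_priv.
    guess = xor_stream(session_key(m_priv, c_pub), wire)
    return (guess if guess == secret else None), True

if __name__ == "__main__":
    print("passive, no auth :", exchange(False, False))
    print("active,  no auth :", exchange(True, False))
    print("active,  pinned  :", exchange(True, True))
```
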





