ID "theft" -- so what?
Ben Laurie
ben at algroup.co.uk
Sun Aug 14 11:10:02 EDT 2005
Ian Grigg wrote:
> Too many words? OK, here's the short version
> of why phising occurs:
>
> "Browsers implement SSL+PKI and SSL+PKI is
> secure so we don't need to worry about it."
>
> PKI+SSL *is* the root cause of the problem. It's
> just not the certificate level but the business and
> architecture level. The *people* equation.
PKI+SSL does not _cause_ the problem, it merely fails to solve it. You
may as well blame HTTP - in fact, it would be fairer.
Cheers,
Ben.
--
>>>ApacheCon Europe<<< http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list