[10097] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (Carl Ellison)
Sun Jan 13 21:21:37 2002
Message-Id: <3.0.5.32.20020112104918.019d70a0@localhost>
Date: Sat, 12 Jan 2002 10:49:18 -0800
To: "Perry E. Metzger" <perry@wasabisystems.com>
From: Carl Ellison <cme@acm.org>
Cc: "Phillip Hallam-Baker" <hallam@ai.mit.edu>,
"SPKI Mailing List" <spki@wasabisystems.com>,
<cryptography@wasabisystems.com>
In-Reply-To: <874rmd8us9.fsf@snark.piermont.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 05:45 PM 12/26/2001 -0500, Perry E. Metzger wrote:
>
>
>"Phillip Hallam-Baker" <hallam@ai.mit.edu> writes:
>> Methinks you complain too much.
>>
>> PKI is in widespread use, it is just not that noticeable when you
>> use it. This is how it should be. SSL is widely used to secure
>> internet payment transactions.
>
>HTTPS SSL does not use PKI. SSL at best has this weird system in
>which Verisign has somehow managed to charge web sites a toll for
>the use of SSL even though for the most part the certificates assure
>the users of nothing whatsoever. (If you don't believe me about the
>assurance
>levels, read a Verisign cert practice statement sometime.)
If that's not good enough for you, go to https://store.palm.com/
where you have an SSL secured page. SSL prevents a man in the middle
attack, right? This means your credit card info goes to Palm
Computing, right? Check the certificate.
+------------------------------------------------------------------+
|Carl M. Ellison cme@acm.org http://world.std.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
