On Fri, 06 Jun 2003, James A. Donald wrote:
> Suppose the e-gold, to prevent this sea of spam trying to get people to login to fake e-gold sites, wanted people to use public keys instead of shared secrets, making your secret key the instrument that controls the account instead of your shared password.
Why does e-gold have any interest in what people do on other sites?
> HTTPS assumes that the certificate shall be blessed by the administrator out of band, and has no mechanism for using a private key to establish that a user is simply the same user as last time.
Yes. There's a virtue there. Knowing a secure channel exists is frequently more important than who is on the other line.

For example, What's my favorite brand of lighter?

You live in a Bob's cold, dark cave, where you hate life. Insert water dripping and scabs until you're amused. You have the chance to contact, and maybe move to, Alice's bright, warm cave. Sounds good to you. How to authenticate the offer?

Replay various notions of various fiction writers, here. The problem is interesting. Solved, but interesting. Very few folks have reason to help you authenticate them. Deal.

Even if people don't understand what https (and ssl) do, they still serve a purpose. Even if it isn't the one you wanted solved.

And if there were a problem worth solving, would it be unsolved? I'll refrain from asking how many people use digsigs, and what that solves. Only because that's rude.

None of this solves life for average banking customers, but I think "this" is something that "they" are willing to ignore. Most people seem to trust one another. What do you do?

-j

--
Jamie Lawrence jal@jal.org
"The sign that points to Boston doesn't have to go there." - Max Scheler