-- On 8 Jun 2003 at 20:00, Anne & Lynn Wheeler wrote:
that is why we coined the term merchant "comfort" certificates some time ago. my wife and I having done early work for payment gateway with small client/server startup in menlo park ... that had this thing called SSL/HTTPS ... and then having to perform due diligence on the major issuers of certificates .... we recognized 1) vulnerabilities in the certificate process and 2) information hiding of transaction in flight only addressed a very small portion of the vulnerabilities and exploits.
https is like a strong fortress wall that only goes halfway around the fortress. The most expensive and inconvenient part of https, getting certificates from VeriSign, is fairly useless. The useful part of https is that it has stopped password sniffing from networks, but the PKI part, where the server, but not the client, is supposedly authenticated, does not do much good.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     9ZQw+0/xh1y28CkGulSQSVxewfy71qzXGHI8KJbN
     4osBv1veq07jaMVh2zVetZVKqIRfQjiwJaKu99GqM