At 2:21 PM -0700 6/3/03, Jeroen C. van Gelderen wrote:
Perhaps that measure is too coarse grained. For instance, in the domain of "security advisories" most emails are digitally signed with OpenPGP. And in the domain of online credit card payments HTTPS has displaced HTTP.
I know of one system that takes credit cards over HTTPS, and then sends the credit card number, encrypted with GPG to a backend system for processing. It isn't perfect, but it's better than storing the credit card number on a database accessible to the web server. (I would feel a lot better if Amazon didn't remember my credit card number.) Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz@pwpconsult.com | American way. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com