From: Joe Buck <jbuck@Synopsys.COM> However, I disagree with your conclusion: [...] There's plenty of stuff that *does* need protection, but I'm not sure credit card #'s head the list.
You're right, of course, if you discount the hassle of getting the transactions cancelled whenever your credit card number is used fraudulently. I have much a better example (and a real one, too): I have an account at Wells Fargo Bank near San Fransisco. They recently started offering web access to their customers. That would be great for me because banking by phone is pretty expensive when I'm in France, and it's not always easy for me to understand American accents. So they would give me a password that I can use for some set of operations. I don't know which one exactly, but I would expect it to include electronic transfers from my account to anywhere else. The password is protected by the SSL connection. That would be fine if I had the full SSL security, but in France I can only get the exportable version of Netscape. As a result, I won't be using this service. There's the beginning of a market for full-SSL clients and servers outside the US. Maybe Netscape should go multinational right now. -- Damien