Maybe It's Snake Oil All the Way Down
Eric Rescorla
ekr at rtfm.com
Wed Jun 4 16:42:32 PDT 2003
"James A. Donald" <jamesd at echeque.com> writes:
> --
> James A. Donald
> > > Or to say the same thing in different words -- why can't
> > > HTTPS be more like SSH? Why are we seeing a snow storm
> > > of scam mails trying to get us to login to e-g0ld.com?
>
> Eric Rescorla
> > Because HTTPS is designed to let you talk to people you've
> > never talked before, which is an inherently harder problem
> > than allowing you to talk to people you have.
>
> In attempting to solve the hard problem, it fails to make
> provision for solving the easy problem.
Nonsense. One can simply cache the certificate, exactly as
one does with SSH. In fact, Mozilla at least does exactly
this if you tell it to. The reason that this is uncommon
is because the environments where HTTPS is used
are generally spontaneous and therefore certificate caching
is less useful.
-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cypherpunks-legacy
mailing list