"SSL stops credit card sniffing" is a correlation/causality myth

Tom Weinstein tweinst at pacbell.net
Wed Jun 1 09:27:55 PDT 2005


Ian G wrote:

>But don't get me wrong - I am not saying that we should
>carry out a world wide pogrom on SSL/PKI.  What I am
>saying is that once we accept that listening right now
>is not an issue - not a threat that is being actively
>defended against - this allows us the wiggle room to
>deploy that infrastructure against phishing.
>
>Does that make sense?
>  
>
No, not really. Until you can show me an Internet Draft for a solution 
to phishing that requires that we give up SSL, I don't see any reason to 
do so. As a consumer, I'd be very reluctant to give up SSL for credit 
card transactions because I use it all the time and it makes me feel safer.

>What matters is now:  what attacks are happening
>now.  Does phishing exist, and does it take a lot of
>money?  What can we do about it?
>  
>
If you don't know what we can do about phishing, why do you think that 
getting rid of SSL is a necessary first step? You seem to be putting the 
cart in front of the horse.

-- 
Give a man a fire and he's warm for a day, but set | Tom Weinstein
him on fire and he's warm for the rest of his life.| tweinst at pacbell.net



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com





More information about the cypherpunks-legacy mailing list