[13472] in cryptography@c2.net mail archive
Re: Maybe It's Snake Oil All the Way Down
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Fri Jun 6 14:58:32 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: "James A. Donald" <jamesd@echeque.com>
Cc: pgut001@cs.auckland.ac.nz (Peter Gutmann),
bill.stewart@pobox.com, cryptography@metzdowd.com,
cypherpunks@lne.com, rsalz@datapower.com, sguthery@mobile-mind.com
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 04 Jun 2003 20:37:49 -0700
In-Reply-To: <3EDE43EB.29325.1BDDA647@localhost>
"James A. Donald" <jamesd@echeque.com> writes:
> Eric Rescorla
> > Nonsense. One can simply cache the certificate, exactly as
> > one does with SSH. In fact, Mozilla at least does exactly
> > this if you tell it to. The reason that this is uncommon is
> > because the environments where HTTPS is used are generally
> > spontaneous and therefore certificate caching is less useful.
>
> Certificate caching is not the problem that needs solving. The
> problem is all this spam attempting to fool people into logging
> in to fake BofA websites and fake e-gold websites, to steal
> their passwords or credit card numbers
The only solutions to that problem involve getting rid of
passwords and credit card numbers. SSL does that job about
as well as we know how.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
