[13595] in cryptography@c2.net mail archive
Re: The real problem that https has conspicuously failed to fix
daemon@ATHENA.MIT.EDU (James A. Donald)
Thu Jun 12 10:22:15 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
Date: Wed, 11 Jun 2003 20:20:04 -0700
In-reply-to: <557dd8f2519377887312df07a5dd0977@ecn.org>
--
On 10 Jun 2003 at 23:26, Anonymous wrote:
> In short, if Palladium comes with the ability to download
> site-specific DLLs that can act as NCAs, it should allow for
> solving the spoofed-site problem once and for all. When you
> login to paypal or e-gold, you would authenticate yourself
> using a cert that only those sites could see. This can be
> done in the framework of standard SSL, but would require a
> Palladium-aware browser.
Well, this would work just great provided the browser was made
palladium aware in such a way as to be useful to the user,
rather than to verisign.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
VBdyipPLv5JzjJ0eIFxxeMDsO30Us9Mvs7lmm2ka
4R5+YjVhKptjgGIVZsjTfX5nDogjTf2G8x7fRhKmN
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
