[13609] in cryptography@c2.net mail archive


Re: The real problem that https has conspicuously failed to fix

daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Thu Jun 12 16:56:07 2003

X-Original-To: cryptography@metzdowd.com
Date: Thu, 12 Jun 2003 15:24:19 -0400
From: "Jeffrey I. Schiller" <jis@mit.edu>
To: Nomen Nescio <nobody@dizum.com>
Cc: cryptography@metzdowd.com


Yep, I deployed such a PKI here at MIT back in 1996. Today every student 
and most faculty and staff have certificates.

It really does work, but unfortunately the support for them in the 
common browsers is quirky enough that we have our support fun! I can 
understand why commercial sites shy away.

I have also been involved in efforts to get U.S. Higher Education to 
start deploying client certificates. The big problem there is that 
public key encryption appears to require more than the amount of clue 
that most computer administrators seem to have, so education is a real 
problem.

		-Jeff

Nomen Nescio wrote:
> Jeffrey I. Schiller writes:
> 
> 
>>Oh, and btw, the form posting URL in my message wasn't even https, it 
>>was just http. So all the futzing in the world with https wouldn't help!
> 
> 
> Of course it would help.  Have you been following this discussion
> at all?  The idea is to eliminate passwords as being of any value in
> getting access to PayPal or other ecommerce sites, by replacing them
> with client certificates.  This implies using https or something
> cryptographically similar.




---------------------------------------------------------------------
The Cryptography Mailing List