[15763] in cryptography@c2.net mail archive
Re: Humorous anti-SSL PR
daemon@ATHENA.MIT.EDU (Ian Grigg)
Thu Jul 15 17:34:52 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 15 Jul 2004 20:18:47 +0100
From: Ian Grigg <iang@systemics.com>
To: J Harper <jsec@peersec.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <047901c46a8e$a7fdb9a0$6701a8c0@towelie>
J Harper wrote:
> This barely deserves mention, but is worth it for the humor:
> "Information Security Expert says SSL (Secure Socket Layer) is Nothing More
> Than a Condom that Just Protects the Pipe"
> http://www.prweb.com/releases/2004/7/prweb141248.htm
I guess the intention was to provide more end-to-end
security for transaction data. After a reasonable start,
if a bit scattered, it breaks down with this:
"What we can be certain of is that it is not possible
to have a man-in-the-middle attack with FormsAssurity
– encryption ensures that the form has really come from
the claimed web site, the form has not been altered,
and the only person that can read the information
filled in on the form is the authorized site."
Which is quite inconsistent - so much so that it seems
that the press release writer got confused over which
system he or she was talking about.
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
