[17314] in cryptography@c2.net mail archive
Re: "SSL stops credit card sniffing" is a correlation/causality myth
daemon@ATHENA.MIT.EDU (Tom Weinstein)
Thu Jun 2 12:10:32 2005
X-Original-To: cryptography@metzdowd.com
Date: Wed, 01 Jun 2005 09:27:55 -0700
From: Tom Weinstein <tweinst@pacbell.net>
To: Ian G <iang@systemics.com>
Cc: =?ISO-8859-15?Q?Birger_T=F6dtmann?= <btoedtmann@iem.uni-due.de>,
"Steven M. Bellovin" <smb@cs.columbia.edu>,
"James A. Donald" <jamesd@echeque.com>, cryptography@metzdowd.com,
cypherpunks@lne.com
In-Reply-To: <200506011216.19822.iang@systemics.com>
Ian G wrote:
>But don't get me wrong - I am not saying that we should
>carry out a world wide pogrom on SSL/PKI. What I am
>saying is that once we accept that listening right now
>is not an issue - not a threat that is being actively
>defended against - this allows us the wiggle room to
>deploy that infrastructure against phishing.
>
>Does that make sense?
>
>
No, not really. Until you can show me an Internet Draft for a solution
to phishing that requires that we give up SSL, I don't see any reason to
do so. As a consumer, I'd be very reluctant to give up SSL for credit
card transactions because I use it all the time and it makes me feel safer.
>What matters is now: what attacks are happening
>now. Does phishing exist, and does it take a lot of
>money? What can we do about it?
>
>
If you don't know what we can do about phishing, why do you think that
getting rid of SSL is a necessary first step? You seem to be putting the
cart in front of the horse.
--
Give a man a fire and he's warm for a day, but set | Tom Weinstein
him on fire and he's warm for the rest of his life.| tweinst@pacbell.net
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com