On 09.09.2002 at 8:37 pm -0400, [EMAIL PROTECTED] wrote: >Or alternatively >why should it not be centered around the host who handles and is really the >one who has ultimate access and in who's trust the merchant or other hosted >client has to trust with any security sensitive information?
This has precisely been the question I've always had for the past oh 8 years or so that I've been aware of digital certificates w/rt https. It seemed like such a stupid (obvious) question that I have always assumed that there was something about the system that I was not grasping. The reason I (as an enterprise who sells services to people about the world) have an interest in digital certificates and https is to provide a secure channel for my customers and I to pass data to one another. I don't much give a rat's ass about whether Joe Third-Party Company considers me trustworthy or not; the only issue is whether my customer and I choose to trust each other. If we choose to, then we would like a secure channel of communication. My fundamental simple question on the subject: given that it's so easy (and cheap, i.e., free) for me to provide secure shell access to my clients, how can I do the same for HTTP connections, without having to pay money to a third party that neither of us particularly cares about? -ben -- Ben Kennedy, chief magician zygoat creative technical services 613-228-3392 | 1-866-466-4628 http://www.zygoat.ca
