At 2:21 PM -0700 6/3/03, Jeroen C. van Gelderen wrote: >Perhaps that measure is too coarse grained. For instance, in the domain >of "security advisories" most emails are digitally signed with OpenPGP. >And in the domain of online credit card payments HTTPS has displaced >HTTP.
I know of one system that takes credit cards over HTTPS, and then sends the credit card number, encrypted with GPG to a backend system for processing. It isn't perfect, but it's better than storing the credit card number on a database accessible to the web server. (I would feel a lot better if Amazon didn't remember my credit card number.) Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]