On 6/09/13 20:15 PM, Daniel Veditz wrote:
On 9/6/2013 9:52 AM, Raphaël Jacquot wrote:
To meet today’s PCI DSS crypto standards DHE is not required.
PCI is about credit card fraud.
So was SSL ;-) Sorry, couldn't resist...
Mastercard/Visa aren't worried that
criminals are storing all your internet purchase transactions with the
hope they can crack it later; if the FBI/NSA want your CC number they
can get it by asking.
That's what the crims do to, they ask for all the numbers, they don't
bother much with SSL.
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
