At 05:45 PM 12/26/2001 -0500, Perry E. Metzger wrote: > > >"Phillip Hallam-Baker" <[EMAIL PROTECTED]> writes: >> Methinks you complain too much. >> >> PKI is in widespread use, it is just not that noticeable when you >> use it. This is how it should be. SSL is widely used to secure >> internet payment transactions. > >HTTPS SSL does not use PKI. SSL at best has this weird system in >which Verisign has somehow managed to charge web sites a toll for >the use of SSL even though for the most part the certificates assure >the users of nothing whatsoever. (If you don't believe me about the >assurance >levels, read a Verisign cert practice statement sometime.)
If that's not good enough for you, go to https://store.palm.com/ where you have an SSL secured page. SSL prevents a man in the middle attack, right? This means your credit card info goes to Palm Computing, right? Check the certificate. +------------------------------------------------------------------+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | | PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]