Julien Pierre wrote:
Duane wrote:
Surely any form of encryption is better than in the clear?

Only if you are encrypting to the correct party, and not to a thief. This is why we have CAs and trust.


That's too big a jump.  It's quite hard for a thief
to jump in the middle and change things.  It's
much easier to eavesdrop.  And, even that's only
easy for outsiders when on open networks such as
unswitched ethernet or 802.11b, so quite a limited
part of the net (e.g., the University experience
recently discussed).

There is now substantial experience with crypto
sans certs resulting as an essential protection.
SSH has (for one) shown that in an aggressive
attack environment, opportunistic cryptography
works well.  In a market experience sense, SSH
saw off the wannabes of telnet and secure-telnet
(which used SSL and certs);  they're just bad
dreams to those who've used both.

iang
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
