Ian G wrote:
On Wednesday 18 May 2005 07:24, Nelson B wrote:
Ian G wrote:
In practice, sites see HTTPS as a cost, and a barrier. It doesn't
provide any protection that they *need* although this might be
less true in the future and for big sites.
So, you're saying they don't need encryption, they don't need
authentication, they don't need validation, and (I gather)
Actually, the sites need authentication and validation,
but of their users, and this is provided by passwords
and user names, primarily.
[...] the passwords are protected from eavesdropping by SSL.
So, you're saying they need password protection from eavesdropping,
but not encryption, authentication or validation?
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
