Nelson Bolyard wrote:
Ian G wrote:
On Wednesday 18 May 2005 07:24, Nelson B wrote:
Ian G wrote:
In practice, sites see HTTPS as a cost, and a barrier. It doesn't provide any protection that they *need* although this might be less true in the future and for big sites.
So, you're saying they don't need encryption, they don't need authentication, they don't need validation, and (I gather)
Actually, the sites need authentication and validation, but of their users, and this is provided by passwords and user names, primarily.
[...] the passwords are protected from eavesdropping by SSL.
So, you're saying they need password protection from eavesdropping, but not encryption, authentication or validation?
I've heared about a new protection scheme from chip maker Intel and MS, they are working on it for DRM at start (note that it requires IP6 to work) and can be considered to be pretty water tight.
Michael. _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
