[FoRK] Re: identity-based encryption

Gordon Mohr gojomo at usa.net
Tue Feb 10 13:08:40 PST 2004


Tyler Close wrote:
> On Tue February 10 2004 12:11 am, Gordon Mohr wrote:
> 
>>And yet, as bad as 'phishing' and other confusion-based attacks
>>have shown (for one example) SSL and the browser 'lock'/domain
>>approach to be, it's still been (1) better than nothing;
> 
> Prove it.

http://finance.yahoo.com/q/bc?s=AMZN&t=my&l=on&z=m&q=l&c=

> You may want to note that many respected security researchers
> disagree with your assertion. In particular, Bruce Schneier has
> written:
> 
> "Digital certificates provide no actual security for electronic
> commerce; it's a complete sham."

Not that money is the ultimate arbiter of truth, but how much
commerce, satisfying customers and enriching businesses, has
occurred through Schneier-approved e-commerce systems, and how
much has occurred through 'sham' SSL/certificate systems?

Even a modicum of protection that only works against dumb and
lazy criminals is better than none at all. And even placebo
security blankets can be (1) better than nothing and (2)
good enough for valuable work to get done.

The proof is in the pudding:

https://www.walmart.com/catalog/product.gsp?product_id=2061585&sourceid=1500000000000000624050

- Gordon

