Re: [SLUG] Passwords on the web

From: steve szmidt (steve@szmidt.org)
Date: Sat Sep 25 2004 - 12:42:10 EDT


On Friday 24 September 2004 03:53 pm, Levi Bard wrote:
> > Can't A. Random Badguy assert his own identity just as easily as B.
> > Random Goodguy can? If so, what does self-certification buy you?
>
> Frankly I trust Messrs. Badguy and Goodguy at least as much as I trust
> Verisign. And the SSL at least prevents password snooping and
> man-in-the-middle attacks.

That's not the point. The purpose with a well known signer is that the Public
trusts them. We don't care about the developer - he knows who he is.

That SSL works is also known. So it comes down to give the public a nice and
warm feeling when they enter confidential information.

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety deserve neither liberty nor safety." Benjamin Franklin ----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:03:40 EDT