On 09.09.2002 at 8:37 pm -0400, Xen0nine@aol.com wrote:
>Or alternatively
>why should it not be centered around the host who handles and is really the
>one who has ultimate access and in who's trust the merchant or other hosted
>client has to trust with any security sensitive information?
This has precisely been the question I've always had for the past oh 8
years or so that I've been aware of digital certificates w/rt https. It
seemed like such a stupid (obvious) question that I have always assumed
that there was something about the system that I was not grasping.
The reason I (as an enterprise who sells services to people about the
world) have an interest in digital certificates and https is to provide a
secure channel for my customers and I to pass data to one another. I
don't much give a rat's ass about whether Joe Third-Party Company
considers me trustworthy or not; the only issue is whether my customer
and I choose to trust each other. If we choose to, then we would like a
secure channel of communication.
My fundamental simple question on the subject: given that it's so easy
(and cheap, i.e., free) for me to provide secure shell access to my
clients, how can I do the same for HTTP connections, without having to
pay money to a third party that neither of us particularly cares about?
-ben
-- Ben Kennedy, chief magician zygoat creative technical services 613-228-3392 | 1-866-466-4628 http://www.zygoat.ca
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:25 EDT