-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Thursday 18 April 2013 at 11:18:39 PM, in <mid:pine.neb.4.64.1304151809210.10...@panix3.panix.com>, Jay Sulzberger wrote: > 1. Is the stack used for credit card use over the Net > sufficiently "secure"? Indeed this question is ill > defined: "secure" for what, against what? People have used payment cards insecurely in person and over the phone for decades. Many are even daft enough to hand over cards to be kept behind the counter against open food/drink tabs. The currently-used systems for card payments over the internet are certainly also insufficiently secure. But I have no compelling reason to believe there is more of a problem now than in times gone by, rather than just greater awareness. > 2. In what ways does the problem of email encryption > differ from the problem of encrypting credit card and > other money-valuable data in transit, with http as the > transport protocol? In technical terms, I haven't a clue about the differing problems. But in my experience credit card purchases are usually secured by https, with certificates trusted by my browser manufacturer rather than by me. This contrasts with email encryption using GnuPG, where the decision to trust keys is nobody's but my own. > 3. If the stack used for credit card use over the Net > is good enough for most purchases, could we use a > similar stack to secure email in transit? In > particular, could we use a similar stack, with a > similar ease of learning and ease of use, as perceived > by most of the people who today buy stuff using a > credit card over the Net? As far as I can tell, the ease of use comes from a blind trust in browser developers' CA choices. I put it to you that this would be an undesirable model for securing email communications. - -- Best regards MFPA mailto:expires2...@ymail.com Don't learn safety rules by accident... -----BEGIN PGP SIGNATURE----- iQCVAwUBUXMsyqipC46tDG5pAQpPfwQAisBsQuLdSwJvK6yjUoflqWuajIOu5EH/ H+lCFJwUXgXdQid/UgQRfph/AGKZtkIfOsDHtk9eMWoRrMmjL/jvQGMu0vnStbii xlk2JAODHrb9Z7bcJpBMN3fGDoR2qNoywsQYEeW1M7SqPR5mMPE1bQWzGR2mrE2Q GK/VrGAKCY8= =1ahx -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
