M2c: Credit card organizations and banks have successfully generated the
image that strong encryption protecting from fraudulent use of credit
cards is solely in the interest of the customer. What the customer is
actually protected from is an increase in credit card fees, since the CC
organization usually pays in case of a fraud, not the customer. A higher
risk for the CCO would mean higher fees to retain their profit margins.
As far as I know, there has never been a fraud by decrypting some
electronic traffic, although with the more widespread use of SSL, faster
hardware, etc., the possibility is there. I feel that there is also some PR
thing going on: Those capable of providing strong encryption (i.e., financial
institutions) are quick to state that 40-bit encryption is just not good
enough (I guess they are right?). Everybody wants high and strong, not low
and weak.
Would some fortifying SSL proxy server work? I.e., browser talks 40-bit to
SSL proxy, SSL proxy talks 128-bit to destination host. All very
inconvenient though.
Summary: Can someone please write a great browser based on OpenSSL and send
me a copy? ;-)
Juergen
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]