Re: PositiveSSL is not valid for browsers

Tue, 30 Dec 2008 12:28:18 -0800 

On 30/12/08 17:18, Nelson B Bolyard wrote:



What is particularly interesting here is that the online banking *is*
financially oriented, but SSL is not particularly good at it, has never
really been adequate or even compelling.


Ian, You're continuing to use the term "SSL" to describe something that
is FAR more than SSL.  The SSL protocol is VERY good at what it does,
and is particularly good for online banking.  IINM, the browser UI
experience that goes with https is the issue to which you are referring.
I would appreciate it if you would not call that SSL, because that is NOT SSL.



Yes, you are correct, I should be using one of these two terms:

  * secure browsing
  * NSS/root list usage

(I'm not sure how the last one is best termed).


Hence the green EV thing,


Which is in no way an alteration or replacement for SSL.


Right, secure browsing.



I honestly don't believe that it should be limited to financial
services (including due diligence related to providing financial
instruments including credit card numbers over the net between the
cardholder and the merchant).  But, that's what we currently have,
because the inertia is so entrenched that nobody has ever been able to
convince the browser vendors that it might even remotely be a good
idea.


The use of SSL and PKI is not limited to financial services.  Not even
close.
And the root list is similar. Even if we apply the "trust bits" thing, we still end up with a server-only differentiation. 


Right.  We have this obsession with protecting the old vision.


The old vision was to use SSL for every application protocol supported.
There is indeed an obsession with that.  Every day, I use every one of
the protocols I mentioned above over SSL (https, POP3S, IMAPS, SMTPS,
SNEWS and LDAPS).



Hmmm, different visions then.
A better way of answering Ben's point then is that the root list does not give us a way to separate out ecommerce use from every other use? 


iang

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to