Re: ecommerce / ssl over 3g ?



"Geoff Winkless" <usenet-at-geoff-dot-dj@[127.0.0.1]> wrote

> No they couldn't.

Yes, they could - but as I said, it depends on how they have their proxy set
up.

IIRC, as SSL is initiated, the client requests a key from the site. The
proxy, sitting in the middle of this exchange, grabs this request, and
requests one from the site itself instead. This way it gets the key! It then
sends the response on to the client.

Net result, you have a proxy sitting in the middle of an SSL session
watching data in the clear. Websweeper works like this (years ago and in a
previous career, I used to Alpha test for them).

- Mike

>
> If you have an SSL certificate that identifies itself as "mysite.com"
> and is issued by a trusted authority then only the "mysite.com" server
> can be sending the certificate and only the "mysite.com" server can
> decrypt the data. Otherwise the user gets a warning that the certificate
> being used isn't valid for the current site.
>
> 128-bit SSL is better than for "everyday use" - it would take trillions
> of years using the world's fastest computers to break it. Credit card
> info just isn't worth that amount of time and effort - it's far easier
> to get a job in a clearing house or bank, or (even easier) go to work
> for a hotel or pub chain where people "leave the card behind the bar".
>
> Geoff
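
The exchange above turns on which certificate the client actually receives. As an added example (not from either poster), this Python code compares the certificate seen on the current network path with a fingerprint recorded from a path known not to pass through a proxy. The function names, sample bytes and CA names are constructed for illustration.

```python
import hashlib
import socket
import ssl


def fetch_cert(host, port=443, timeout=5.0):
    """Leaf certificate as this client sees it: (DER bytes, parsed dict).

    An untrusted chain or name mismatch raises ssl.SSLCertVerificationError,
    the programmatic form of the browser warning.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()


def fingerprint(der):
    """SHA-256 over the DER encoding of the certificate."""
    return hashlib.sha256(der).hexdigest()


def issuer_field(parsed, field="organizationName"):
    """Read one attribute from the nested issuer tuple getpeercert() returns."""
    for rdn in parsed.get("issuer", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None


def assess(der, parsed, reference_fp, expected_issuers):
    """Compare the certificate seen on this path with an out-of-band reference."""
    if fingerprint(der) == reference_fp:
        return "match: same certificate as the reference"
    issuer = issuer_field(parsed)
    if issuer in expected_issuers:
        return "changed: new certificate from an expected issuer"
    return "re-issued: certificate issued by %r, not an expected CA" % issuer


# Constructed stand-ins (not real certificates or real CA names).
SITE_DER = b"constructed DER for mysite.com"
PROXY_DER = b"constructed DER minted by an inspecting proxy"
SITE_CERT = {"issuer": ((("organizationName", "Example Public CA"),),)}
PROXY_CERT = {"issuer": ((("organizationName", "Example Proxy CA"),),)}
REFERENCE_FP = fingerprint(SITE_DER)
EXPECTED_ISSUERS = {"Example Public CA"}
```

Against a live host, pass the two values returned by fetch_cert() into assess() along with the recorded reference fingerprint.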

