security
Dick Hardt
dick at sxip.com
Mon Oct 23 16:35:16 UTC 2006
On 23-Oct-06, at 4:38 AM, James A. Donald wrote:
> Dick Hardt wrote:
> > > > This is like saying that all websites should use
> > > > SSL and we should stop allowing HTTP because it is
> > > > insecure. Where would the web be if all sites had
> > > > to run SSL to start off with?
>
> James A. Donald:
> > > Well for one thing we would not now have a massive
> > > phishing crisis.
>
> Dick Hardt
> > Uh, pretty much all sites targeted by phishing are
> > running SSL.
>
> The phishing sites are seldom running SSL. If all sites
> *had* to run SSL, this would make phishing substantially
> more difficult.
I did not say the phishing site was running SSL. I said the site
targeted by phishing was.
-- Dick
More information about the general
mailing list