[triadtechtalk] Re: Security!
- From: RPRKOCVGGPED@xxxxxxxxxxxxx
- To: triadtechtalk@xxxxxxxxxxxxx
- Date: Fri, 7 Sep 2001 12:16:55 -0700
From: cabehogan
> --from "cabehogan" <cabehogan@xxxxxxxxxxx>--
> --reply triadtechtalk@xxxxxxxxxxxxxxx
>
>
>
> *** Triad Tech Talk
> (www.freelists.org/cgi-bin/webpage?webpage_id=triadtechtalk) ***
>
>
<snip>
>
> And of course I agree and if I were in business
> which would require many contracts daily, I would
> most certainly use such an envelope, but I seldom
> even make a purchase on the web and when I do, it
> is such a small amount that it's not worth
> worrying over and of course I am assuming that
> what I do have encrypts my credit card number so
> that it is safe from other using it and that is
> sufficient for my needs IMHO!
Well, if you send a credit card number by email, then whomever views it can
charge whatever they want to it. The small amount is irrelevant, once they
have the number. This is why you need the security of a secure web page for
your credit card transactions.
As for digital signatures, I wish they were used heavily, but they aren't,
yet. They can be, in theory, but not in practice yet, legal signatures in
the US. The reason I wish they were used heavily is that, as things are now,
if I have your credit card number, I can use it online at will, pretending
to be you. Even if you sent the number in securely, you have to trust the
merchant and the people he works for. With digital signatures, even if the
company you bought an item from wanted to rob you, they couldn't. You could
even use them to make electronic withdrawals from a bank account, and if the
bank itself tried to rob you, you could prove you didn't make the
withdrawals because the bank can't fake your digital signature.
> > Of course, it is a really really _strong_
> envelope....
>
> I would believe so!
>
> > If anyone wants to use secure email using the
> OpenPGP standard, but doesn't
> > want to use PGP yet, you can use
> www.hushmail.com. I haven't had a chance to
> > check them out thoroughly yet, but they use
> OpenPGP, which is supposed to be
> > able to interact with any other OpenPGP program,
> including PGP itself.
> > Phillip Zimmerman, the creator of the original
> PGP, went to work with Hush
> > to add OpenPGP when he left the company that now
> owns PGP. He apparently
> > didn't like the fact that the current owners
> wouldn't give out the source
> > code of PGP, and thus people around the world
> cannot analyze the code for
> > flaws and backdoors, one of PGP's strengths.
>
> Yes, that would be a viable alternative for those
> who feel that their circumstances warrant it!
>
> .......clarence.......
Or who just want to make the web a more secure place.
Have you noticed that the fastest rising crime in the US is identity theft?
With digital signatures and routine encryption, we could virtually wipe it
out tomorrow, online. A very large number of the stories you hear in the
press today about privacy invasions by individuals, governments, and
companies large and small, as well as many electronic crimes, could be
eliminated if these things were only routine.
Sorry if I am getting into a rant. I guess it is a good thing this is
Off-topic Friday.
David Nasset, Sr.
UNSUBSCRIBE by sending email to triadtechtalk-request@xxxxxxxxxxxxx with
unsubscribe in the Subject field.
To VIEW/CHANGE your subscription status go to
//www.freelists.org/webpage/triadtechtalk
Other related posts:
