1995-08-16 - Re: SSL challenge – broken !

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: Joe Buck <jbuck@synopsys.com>
Message Hash: 76239624c4918a4124081f3214243a89b2ffc08d641d296c766f24811c326215
Message ID: <199508162324.TAA00306@frankenstein.piermont.com>
Reply To: <199508162315.QAA04306@deerslayer.synopsys.com>
UTC Datetime: 1995-08-16 23:25:22 UTC
Raw Date: Wed, 16 Aug 95 16:25:22 PDT

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 16 Aug 95 16:25:22 PDT
To: Joe Buck <jbuck@synopsys.com>
Subject: Re: SSL challenge -- broken !
In-Reply-To: <199508162315.QAA04306@deerslayer.synopsys.com>
Message-ID: <199508162324.TAA00306@frankenstein.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Joe Buck writes:
> However, I disagree with your conclusion:
> 
> > Don't trust your credit card number to this protocol.
> 
> Your credit card number, expiration date, etc, are continually being
> revealed to minimum-wage clerks all the time, unless you never use the
> card. 

On the other hand, those clerks can be traced down in most cases and
have fairly limited numbers of cards they get. It might be very
profitable to run a vacuum cleaner operation on the net slurping down
credit card number or other confidential information and then selling
it in bulk to people who could exploit it.

.pm





Thread