W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2012

Re: MintChip launched by Royal Canadian Mint

From: David Nicol <davidnicol@gmail.com>
Date: Mon, 16 Apr 2012 15:19:20 -0500
Message-ID: <CAFwScO-6Nve9vPycTXu3TzDdk0Y=p-d_GLZp8QJRmmEW3oqjiw@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments <public-webpayments@w3.org>, Fabio Barone <holon.earth@gmail.com>
On Sun, Apr 15, 2012 at 4:51 PM, Manu Sporny <msporny@digitalbazaar.com>wrote:

> On 04/15/2012 01:29 PM, Fabio Barone wrote:
>
>> Someone (apparently crypto expert) commented like this:
>>
>> "This is a step in the right direction, but there is a problem: it
>> uses https".
>>
>
> What is it about HTTPS that is problematic?
>

 It is my understanding (I am not an expert) that HTTPS is effective
against protecting communications on the wire from getting sniffed, and
nothing else. The HTTPS certificate registration infrastructure is
concerned with mitigating MITM attacks, and nothing else. Using either one
of these tools to do any more than those two things is therefore
inappropriate, no matter how well the application actually works or how
secure, efficient or reliable it is.

Now, back to confidently holding forth about things I am not an expert on
in other domains...
Received on Monday, 16 April 2012 20:19:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:20 UTC