[Top] [All Lists]

RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

2009-01-08 22:45:11

"Eric Gray" <eric(_dot_)gray(_at_)ericsson(_dot_)com> writes:

Since the consumer ultimately pays the price in any case, perhaps a good
argument can be made for paying a portion of it up front?

And how are you going to convince the consumer of this?  They get "free"
protection currently with their credit cards, and now they have to pay for it?

(In fact there's already been a case of this failing in the past, when banks
asked customers to pay a little extra to get their photos put on their credit
cards for fraud protection.  Went down like a lead zeppelin).

Anything that involves customers having to pay for something that they
consider as a right to get for free is going to fail before it even starts.
That's actually not as bad as it sounds since it's one of the few hard-and-
fast design guidelines for this area, unlike most other things ("this may or
may not work, depending on the circumstances").


<Prev in Thread] Current Thread [Next in Thread>
  • RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Peter Gutmann <=