Re: SSL + PGP

Enzo Michelangeli (em@who.net)
Thu, 29 Apr 1999 07:51:20 +0800

• Next message: Vin McLellan: "Re: Starium announces STU-III for the masses"
• Previous message: Ian Grigg: "Re: SSL + PGP"
• In reply to: Michael Bauer: "SSL + PGP"
• Next in thread: Michael Bauer: "Re: SSL + PGP"
• Reply: Michael Bauer: "Re: SSL + PGP"

-----Original Message-----
From: mgraffam@idsi.net <mgraffam@idsi.net>
To: Michael Bauer <mick@visi.com>
Cc: CodherPlunks@toad.com <CodherPlunks@toad.com>
Date: Thursday, April 29, 1999 4:39 AM
Subject: Re: SSL + PGP

>Sounds like it could be made to work.. but if the end destination is
>the accountant, why not let the user talk to him directly? Write some
>Java to process the credit card number on the user's computer and
>encrypt it with the account's PK and email it to him -- this way, the
>possibility of weak 40-bit SSL never appears, and the web-server end
>can be pretty much read only (never has to store credit card numbers
>or anything).

If the web server is in the US, there may be legal problems with that
solution. Couldn't uploading crypto applets to foreign browsers be
considered equivalent to exporting cryptographic software?

Enzo

• Next message: Vin McLellan: "Re: Starium announces STU-III for the masses"
• Previous message: Ian Grigg: "Re: SSL + PGP"
• In reply to: Michael Bauer: "SSL + PGP"
• Next in thread: Michael Bauer: "Re: SSL + PGP"
• Reply: Michael Bauer: "Re: SSL + PGP"