Enzo Michelangeli (em@who.net)
Thu, 29 Apr 1999 07:51:20 +0800
-----Original Message-----
From: mgraffam@idsi.net <mgraffam@idsi.net>
To: Michael Bauer <mick@visi.com>
Cc: CodherPlunks@toad.com <CodherPlunks@toad.com>
Date: Thursday, April 29, 1999 4:39 AM
Subject: Re: SSL + PGP
>Sounds like it could be made to work.. but if the end destination is
>the accountant, why not let the user talk to him directly? Write some
>Java to process the credit card number on the user's computer and
>encrypt it with the account's PK and email it to him -- this way, the
>possibility of weak 40-bit SSL never appears, and the web-server end
>can be pretty much read only (never has to store credit card numbers
>or anything).
If the web server is in the US, there may be legal problems with that
solution. Couldn't uploading crypto applets to foreign browsers be
considered equivalent to exporting cryptographic software?
Enzo
The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:23