[cryptography] So, PKI lets know who we're doing business with?

Jeffrey Walton noloader at gmail.com
Tue Jan 8 17:06:23 EST 2013


On Tue, Jan 8, 2013 at 3:59 PM, Thor Lancelot Simon <tls at panix.com> wrote:
> What do you do if even they don't know?  Today I tried to help someone
> who was mid-transaction on Amex's cardholder web site, associating a
> new card with their account, when the next step of their process hopped
> us over to https://www203.americanexpress.com.
I used to use Internet Explorer's Trusted Zones. The Internet was low,
while I made exceptions for Trusted sites such as <mybank>.com,
nist.gov, etc.

It was nearly impossible to use an organization's site because of of
the cross domain crap that was going on.

> https://www203.americanexpress.com
That's not too egregious (though its bad). What frustrates me is when
they send you to a different domain for the authentication or a
transaction. I won't add sites to the trusted base just because a web
master thought it was a good idea.

Jeff



More information about the cryptography mailing list