[cryptography] So, PKI lets know who we're doing business with?
noloader at gmail.com
Tue Jan 8 17:06:23 EST 2013
On Tue, Jan 8, 2013 at 3:59 PM, Thor Lancelot Simon <tls at panix.com> wrote:
> What do you do if even they don't know? Today I tried to help someone
> who was mid-transaction on Amex's cardholder web site, associating a
> new card with their account, when the next step of their process hopped
> us over to https://www203.americanexpress.com.
I used to use Internet Explorer's Trusted Zones. The Internet was low,
while I made exceptions for Trusted sites such as <mybank>.com,
It was nearly impossible to use an organization's site because of of
the cross domain crap that was going on.
That's not too egregious (though its bad). What frustrates me is when
they send you to a different domain for the authentication or a
transaction. I won't add sites to the trusted base just because a web
master thought it was a good idea.
More information about the cryptography