[cryptography] So, PKI lets know who we're doing business with?

Bernie Cosell bernie at fantasyfarm.com
Tue Jan 8 17:47:33 EST 2013


On 8 Jan 2013 at 17:06, Jeffrey Walton wrote:

> > https://www203.americanexpress.com
> That's not too egregious (though its bad). What frustrates me is when
> they send you to a different domain for the authentication or a
> transaction. I won't add sites to the trusted base just because a web
> master thought it was a good idea.

Similar thing for me: One of my accounts is with StellarOne bank.  Main 
site is not HTTPS nor redirects.  But when you put in your account ID you 
get sent to netteller.com with a certificate owned by Jack Henry and 
Associates, Inc.  I called the bank to ask about that and they said that 
that's OK -- "Jack Henry", whoever that is, handles their online banking 
machinery so it is a legit redirect.  But it sure was disconcerting...

  /Bernie\

-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie at fantasyfarm.com     Pearisburg, VA
    -->  Too many people, too few sheep  <--       






More information about the cryptography mailing list