Re: Netscape's little key icon

• To: pj@netfactory.com (P.J. Stafford)
• Subject: Re: Netscape's little key icon
• From: "Ong Guan Sin" <cceonggs@leonis.nus.sg>
• Date: Tue, 28 Nov 1995 20:50:10 +0800 (SST)
• Cc: www-security@ns2.rutgers.edu
• In-Reply-To: <199511280012.TAA27434@netfactory.com> from "P.J. Stafford" at Nov 27, 95 07:12:41 pm

-----BEGIN PGP SIGNED MESSAGE-----

> I've got a follow up question:  If an order is taken on a "secure" form, but
> the results of the order form are send automatically to the clients email
> address (say, on AOL), isnt the credit card # flying thought the Net in a
> clear email ? The only thing that appears to be secure is the shoppers
> interaction with the server, but when the server sends the order outside the
> machine to the person who receives the order, the credit card is "unsecure".
> 
> Do I have this right ?  If yes, is the only solution for the server to send
> a PGP encoded mail message to the person who receives the orders ?

Yes, you are right. In order to be really secure, the path in which the 
information travels from the sender to the *final* recipient must be 
completely secure or encrypted. For example, over here we have a secure 
server which will PGP-encrypt on the fly all orders received from the 
browsers and email the encrypted messages to the vendors. The information 
should only appear as clear text at the recipient's local system, 
preferably a PC he/she access through the console instead of through 
telnet or remote login.

GS

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Go for PGP!

iQCVAwUBMLsFPuM1L92l84PBAQGmYgP9EMhD4nLPN0Hs+mObSQ9HZWcKabgV9aHj
WlzCQ4RhtEBbGfLaFzf2+1jcibkZnelHIoWD1/S3Y1pBvq8SF5pz77LfJ7gONl2B
PwU071UxxZx3+H1C6KMCuwsHlwJo31VM+WLvNc5yPHHz2Rr2GATOQojXBfgv80r8
8yfFgQ6DhJ0=
=1zfT
-----END PGP SIGNATURE-----

• Re: Netscape's little key icon
• From: pj@netfactory.com (P.J. Stafford)

• Previous: Re: Netscape's little key icon
• Next: source code security
• Index(es):
  • Index
  • Thread