Re: SSL and certificates
At 5:24 AM -0700 8/27/96, Michael Brennen wrote:
>At least one well advertised national Internet mall advertises its secure
>credit card server -- then turns around and emails the CC to the client
>unencrypted. Incredible. That is the most vulnerable side, as the email
>sits on a disk for some period of time where it is the most subject to
>being picked off. This *is* lulling users into false security, and it is
>deliberate; I believe they know the security risks involved.
>
>With a well designed system, including proper PGP key and passphrase
>management training to the client, the risks involved can be very greatly
>reduced so that the risks are almost certainly lower than any other use of
>CCs.
Michael,
I realize that this is a weak link (getting the CC# from server to
merchant), but are there well-established alternatives?
E.g. are there versions of PGP that an ISP can install on a UNIX box in a
simple fashion?
And then what? Do you write as part of the order-taking form-processing cgi
a call to PGP before SENDMAIL?
Thanks!
___
|
\_|IM
-----------------------------------------------------------
Jim Ratliff, Ph.D. jim@virtualperfection.com
Virtual Perfection http://www.virtualperfection.com/
Web Solutions (520)624-7852
P.O.Box 43995 (800)578-2164
Tucson AZ 85733 (520)624-9266[fax]
-----------------------------------------------------------
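
The flow asked about above (form handler, then PGP, then sendmail), as an added example that is not part of the original message or either poster's code. It assumes GnuPG (`gpg`) as a present-day stand-in for the PGP named in the thread, a merchant public key already imported on the server, and placeholder addresses under `shop.example`.

```python
import subprocess
from email.message import EmailMessage

GPG = "gpg"                       # assumption: GnuPG is on PATH
SENDMAIL = "/usr/sbin/sendmail"   # assumption: usual sendmail location
ARMOR_HEADER = "-----BEGIN PGP MESSAGE-----"

def encrypt_for_merchant(plaintext, key_id, run=subprocess.run):
    """Encrypt to the merchant's PUBLIC key. The web server holds no private
    key or passphrase, so it cannot decrypt orders it has already mailed."""
    proc = run([GPG, "--batch", "--no-tty", "--armor", "--trust-model", "always",
                "--encrypt", "--recipient", key_id],
               input=plaintext.encode("utf-8"), capture_output=True, check=True)
    armored = proc.stdout.decode("ascii")
    if not armored.startswith(ARMOR_HEADER):
        # Fail closed: never fall back to mailing the order in the clear.
        raise RuntimeError("encryption produced no PGP message; order not sent")
    return armored

def build_order_mail(fields, merchant_addr, key_id, run=subprocess.run):
    """Return a message whose body is ciphertext only."""
    order = "".join(f"{k}: {v}\n" for k, v in sorted(fields.items()))
    msg = EmailMessage()
    msg["To"] = merchant_addr
    msg["From"] = "orders@shop.example"          # placeholder sender
    msg["Subject"] = "New order (PGP encrypted)"  # no order data in headers
    msg.set_content(encrypt_for_merchant(order, key_id, run))
    return msg

def send_order(msg, run=subprocess.run):
    # -t: take recipients from the headers; -oi: a lone "." does not end input
    run([SENDMAIL, "-t", "-oi"], input=msg.as_bytes(), check=True)

if __name__ == "__main__":
    # Constructed sample order; 4111... is a widely used test card number.
    form = {"name": "A. Customer", "card": "4111111111111111", "exp": "12/99"}
    try:
        mail = build_order_mail(form, "merchant@shop.example",
                                "merchant@shop.example")
        print(mail.as_string())   # send_order(mail) would hand it to sendmail
    except (OSError, subprocess.CalledProcessError, RuntimeError) as err:
        print("order NOT mailed:", err)
```

The plaintext order exists only in the handler's memory and on the pipe to `gpg`; what reaches the mail spool is the armored ciphertext.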