Web-Dedicated Metacard

Chipp Walters chipp at chipp.com
Tue Dec 24 11:03:01 EST 2002


Andu,

Chipp says:<snip>
> > 	b) be certified as 'safe' by a reputable 3rd party (the Microsoft
> > approach).

Andu replies:<snip>
> This is what tripped me in your previous message too, and this is what I
> was referring to as the illusion of security being worse then no security
> at all.

The 3rd party 'certification' I was referring to is through Verisign
Certificates (not Microsoft), the *same* guys who do the SSL server IDs.
Over 90% of SSL (Secure Socket Layer) websites use Verisign, so apparently
they are a trustworthy source.

Remember the purpose of security certificates is merely to provide a means
whereby you can trust entities (companies and people) on the internet. A
security certificate does not in any way imply a web site is "good", will
protect your privacy or will deliver your products.

Of course there are ways to 'spoof' a certificate, but in any case, the user
will still get a popup window asking if they want to install the ActiveX
control, unlike something that autoruns on page load.

Certainly no technique is perfect.

-Chipp




More information about the metacard mailing list