5 Dec
2003
5 Dec
'03
10:55 a.m.
I would never trust a ssl certificate for that purpose. It does provide a reasonable effort to keep information between me and the server confidential. That's worth something, I guess.
I agree with you, I just don't think this is reasonable. If the CA's aren't going to keep tabs on your stuff (and I'm not just picking on thawte here) and the browsers both don't differentiate between CA's, and make it easy for the user to accept random certificates or bypass the certification mechanism entirely, I don't think it is a reasonable effort. The whole process is flawed. -Bob