[cap-talk] Posters on Polaris and Petnames
Jed at Webstart
donnelley1 at webstart.com
Thu Jul 7 22:36:55 EDT 2005
At 01:58 PM 7/6/2005, Karp, Alan H wrote:
>Jed Donnelley wrote:
> > I was amazed when I saw your chart indicating that US Bank, PayPal,
> > and eBay don't use SSL on their default login page. Why in the world
> > not I wonder? The only possibility that comes to mind is to
> > save users
> > the cost of linking to an SSL protected page for the login. Wow.
> > Many of the personal IDs and passwords for US Bank and PayPal
> > and AOL customers fly across the Internet in clear text???
>It's not that bad. Do a View Source. You'll see that the POST of your
>password is done with https.
I see. I jumped a bit quick there. In that case the communication between
my browser and the Web site is still encrypted - though I could
have an identification problem that would go unseen. Is that the
reason "SSL used on default login page" was listed on the chart?
Namely that no technology like the petname toolbar or any other
cryptographic means can be used in an attempt to correctly identify
the Web site? In that case I have to admit that it seems a bit subtle
to me, particularly for a poster (as Ian Grigg mentioned).
More information about the cap-talk