On Tue, 31 Jul 2001, Stephen Loosley wrote:
> However, your pessimism regarding possible e-commerce solutions
> such as those forms which DigiCerf may encourage wouldn't appear
> all that helpful, imho.

Helpfulness is not pessimism's objective. It is intended
to point out the worser case scenarios. In the case of computer
security and digital certification, one can never err on the
side of too much pessimism.

I'm not marketing Digit certs to inexperienced lay people using
dangerously insecure PCs.

> If the DigiCerf solution is not to your liking what
> with your opinion of the average PC punter as brainless, do you have
> another suggestion for encouraging on-line commerce?

What is wrong with the good ole 'username + password' scheme
that seems to be working fine for many existing e-commerce
solutions? Anecdotal: I work/consult in C2B and B2B - and one aspect
of my work involves optionally offering digital certs as an
authentication mechanism for the B2B customers. How many have
taken us up on the offer? Zero. Too messy. Too complex to
administer. Too hard to maintain certification. Without failure,
all customers stick with username + password authentication.

Cheers
RickW
_____________________________________________
Rick Welykochy || Praxis Services Pty Limited
"Those who do not understand Unix are condemned to reinvent it, poorly."
- Henry Spencer