Web-Dedicated Metacard
Chipp Walters
chipp at chipp.com
Tue Dec 24 11:03:01 EST 2002
Andu,
Chipp says:<snip>
> > b) be certified as 'safe' by a reputable 3rd party (the Microsoft
> > approach).
Andu replies:<snip>
> This is what tripped me in your previous message too, and this is what I
> was referring to as the illusion of security being worse then no security
> at all.
The 3rd party 'certification' I was referring to is through Verisign
Certificates (not Microsoft), the *same* guys who do the SSL server IDs.
Over 90% of SSL (Secure Socket Layer) websites use Verisign, so apparently
they are a trustworthy source.
Remember the purpose of security certificates is merely to provide a means
whereby you can trust entities (companies and people) on the internet. A
security certificate does not in any way imply a web site is "good", will
protect your privacy or will deliver your products.
Of course there are ways to 'spoof' a certificate, but in any case, the user
will still get a popup window asking if they want to install the ActiveX
control, unlike something that autoruns on page load.
Certainly no technique is perfect.
-Chipp
More information about the metacard
mailing list