


Comment Re:What?! (Score 1) 897

The flaw isn't in the protocols, it's in your misuse of them.

The fundamental problem is that you need to be able to prove to someone who's never met you that you are who you say you are. There's just no way to do that, in software or in real life, without reference to some mutually trusted third party.

Say you're picking up theater tickets at will-call: they ask you to show an ID card which 1) you couldn't reasonably have made yourself (hence the third party), 2) has the same name on it that was used to buy the tickets, and 3) is verifiably tied to your physical identity via a photo. You have to provide all three of these elements in order to prove you own the tickets.

The solution you suggested originally -- having the user install your CA cert over a non-authenticated connection -- is like calling the box office before you leave the house to read them your driver's license over the phone. Two out of three elements are completely missing! What if someone else gets there before you do and says "Yeah, I'm spottedkangaroo, I called earlier"?
