On Wed, 2008-09-03 at 19:57 +0930, Tim wrote:
> On Tue, 2008-09-02 at 10:33 -0430, Patrick O'Callaghan wrote:
> > The irony is that if you read Verisign's documentation, they don't
> > actually claim to guarantee this. They just go through some
> > standardized checking process involving external authorities such as
> > notaries or business registries. A sufficiently interested adversary
> > can quite easily register a company and get a certificate.
>
> LOL... It does seem to be typical that security is just a veneer.

That's a generalization, but a lot of security is theatre, as Bruce
Schneier often says.

> Some banks are just as bad, if you say that you don't have the
> identification that they're asking for often enough, they give in and
> let you do what you wanted without good verification. They can also be
> too helpful with people who've forgotten their passwords.

Quoting Bruce again, security decisions are in the end made on economic
grounds. If the banks don't lose much from lax online security, they'll
have lax online security. To the extent that they have to compensate
customers, their security gets better.

poc