Re: Google Secure Access

tomstdenis@gmail.com wrote:
> > As I was trying to say, any 'half-ass competent shop' won't need this
> > service. Your semi-tech-literate next-door neighbour that wants to
> > connect with wifi somewehere will. He doesn't have someone to set up a
> > VPN for himself, and has nowhere to set up an SSH tunnel to. His
> > concern is people packetsniffing his email password (for example),
> > which this solves neatly.
>
> No, it doesn't. First off, let's get one thing straight. His problem
> in this respect is that he's using an outdated mail login procedure.
> Any competent ISP will take the time to print brochures on how to setup
> email INCLUDING CLICKING ON THAT LITTLE SSL OPTION.

Quite likely he _should_. The fact remains that most people don't, and
most ISPs don't. In an ideal world, this would not be a problem, but
this is this world, and it is a problem. Not to mention, a large number
of sites have logins, including webmail ones, and how many of them use
SSL? Generally only those directly related to finanacial transaction
processing.

> Second, this doesn't address rogue APs which is a huge problem as
> basically you can't use ANY airport or "sign up via credit card"
> service ... ANYWHERE.

So? It doesn't address world hunger, either - does that matter? This is
at the wrong layer to address the rogue AP problem, and it's not its
aim in the first place.

-Nick Johnson
Received on Thu Sep 29 21:58:28 2005