[10100] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (Carl Ellison)
Sun Jan 13 21:26:55 2002
Message-Id: <3.0.5.32.20020112114441.01d5d490@localhost>
Date: Sat, 12 Jan 2002 11:44:41 -0800
To: SPKI Mailing List <spki@wasabisystems.com>,
cryptography@wasabisystems.com
From: Carl Ellison <cme@acm.org>
In-Reply-To: <3C408F13.C4BF01E9@tenebras.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 11:31 AM 1/12/2002 -0800, Michael Sierchio wrote:
>Carl Ellison wrote:
>
>> If that's not good enough for you, go to https://store.palm.com/
>> where you have an SSL secured page. SSL prevents a man in the
>> middle attack, right? This means your credit card info goes to
>> Palm
>> Computing, right? Check the certificate.
>
>To be fair, most commercial CA's require evidence of "right to use"
>a FQDN in an SSL server cert. But your point is apt.
I should hope they do. My point is only that I, as the relying
party, have not been shown that proof. The PKI has not conveyed that
evidence to me. The propper authorization certificate would have.
- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme@acm.org http://world.std.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
