[10101] in cryptography@c2.net mail archive


Re: CFP: PKI research workshop

daemon@ATHENA.MIT.EDU (Derek Atkins)
Sun Jan 13 21:28:06 2002

To: kudzu@tenebras.com
Cc: Carl Ellison <cme@acm.org>,
	Phillip Hallam-Baker <hallam@ai.MIT.EDU>,
	SPKI Mailing List <spki@wasabisystems.com>,
	cryptography@wasabisystems.com
From: Derek Atkins <warlord@MIT.EDU>
Date: 13 Jan 2002 13:03:59 -0500
In-Reply-To: <3C408F13.C4BF01E9@tenebras.com>
Message-ID: <sjmwuym3z74.fsf@indiana.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Michael Sierchio <kudzu@tenebras.com> writes:

> Carl Ellison wrote:
> 
> > If that's not good enough for you, go to https://store.palm.com/
> > where you have an SSL secured page.  SSL prevents a man in the middle
> > attack, right?  This means your credit card info goes to Palm
> > Computing, right?  Check the certificate.
> 
> To be fair, most commercial CAs require evidence of "right to use"
> a FQDN in an SSL server cert.  But your point is apt.

Yes, but it only takes one of the hundreds of CAs to fail to make
this check and the whole system fails.  Cf. Verisign signing a
fake Microsoft cert last year....

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available


