[10103] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Jan 14 09:26:35 2002
Message-ID: <3C42AB1E.92EA3754@algroup.co.uk>
Date: Mon, 14 Jan 2002 09:55:42 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: kudzu@tenebras.com
Cc: Carl Ellison <cme@acm.org>,
Phillip Hallam-Baker <hallam@ai.mit.edu>,
SPKI Mailing List <spki@wasabisystems.com>,
cryptography@wasabisystems.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Michael Sierchio wrote:
>
> Carl Ellison wrote:
>
> > If that's not good enough for you, go to https://store.palm.com/
> > where you have an SSL secured page. SSL prevents a man in the middle
> > attack, right? This means your credit card info goes to Palm
> > Computing, right? Check the certificate.
>
> To be fair, most commercial CA's require evidence of "right to use"
> a FQDN in an SSL server cert. But your point is apt.
And most (all?) commercial CAs then disclaim any responsibility for
having actually checked that right correctly...
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
