[10112] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Jan 14 11:07:24 2002
Message-ID: <3C42FF54.6531208A@algroup.co.uk>
Date: Mon, 14 Jan 2002 15:55:00 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: EKR <ekr@rtfm.com>
Cc: kudzu@tenebras.com, Carl Ellison <cme@acm.org>,
Phillip Hallam-Baker <hallam@ai.mit.edu>,
SPKI Mailing List <spki@wasabisystems.com>,
cryptography@wasabisystems.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Eric Rescorla wrote:
>
> Ben Laurie <ben@algroup.co.uk> writes:
>
> > Michael Sierchio wrote:
> > >
> > > Carl Ellison wrote:
> > >
> > > > If that's not good enough for you, go to https://store.palm.com/
> > > > where you have an SSL secured page. SSL prevents a man in the middle
> > > > attack, right? This means your credit card info goes to Palm
> > > > Computing, right? Check the certificate.
> > >
> > > To be fair, most commercial CA's require evidence of "right to use"
> > > a FQDN in an SSL server cert. But your point is apt.
> >
> > And most (all?) commercial CAs then disclaim any responsibility for
> > having actually checked that right correctly...
> While this is true, I'd point out that all the security software
> you're using disclaims any responsibility for not having gaping
> security holes.
I have the source to all the security software I'm using... in fact, I
wrote quite a lot of it :-)
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
