[10115] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (D. A. Honig)
Mon Jan 14 12:44:30 2002
Message-Id: <3.0.5.32.20020114093650.007b8d10@mail.orng1.occa.home.com>
Date: Mon, 14 Jan 2002 09:36:50 -0800
To: Carl Ellison <cme@acm.org>
From: "D. A. Honig" <dahonig@home.com>
Cc: "Phillip Hallam-Baker" <hallam@ai.mit.edu>,
"SPKI Mailing List" <spki@wasabisystems.com>,
<cryptography@wasabisystems.com>
In-Reply-To: <3.0.5.32.20020112104918.019d70a0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 10:49 AM 1/12/02 -0800, Carl Ellison wrote:
>
>If that's not good enough for you, go to https://store.palm.com/
>where you have an SSL secured page. SSL prevents a man in the middle
>attack, right? This means your credit card info goes to Palm
>Computing, right? Check the certificate.
>
More demos: You can create your own cert with TinySSL, a lightweight ( <
100Kbyte)
server for Wintel, http://www.ritlabs.com/tinyweb/tinyssl.html
and amuse your friends if they bother to read
the info there. Using trademarks (RSA, Verisign, etc.) in the fields
would escape most. Or, as the TinySSL docs advise, you can get a free
cert from Thawte --which *in fact* certifies only that you can receive
email at the address you gave them.
As others have written, great for enabling SSL's confidentiality, nothing
else.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
