[1087] in cryptography@c2.net mail archive
Re: Thoughts on the next target.
daemon@ATHENA.MIT.EDU (Matthew James Gering)
Wed Jun 25 11:48:49 1997
From: "Matthew James Gering" <mgering@ricochet.net>
To: <cryptography@c2.net>
Date: Wed, 25 Jun 1997 01:52:53 -0700
I'm not sure I'd actually advocate doing this, but...

If you /really/ want to prove a point against GAK, start a collection pool
for a bounty and publicly offer a reward, issued in complete confidence,
to anyone who delivers a top-level CA certifying private key without the
CA's knowledge. You may have to organize this outside the US ;-).

Once the bounty exceeds >$1M, I'd say the CAs had better tighten internal
security.

You can use some other tightly guarded item -- but it must be publicly
verifiable. CA key is just the first that came to mind.

Matt