[11100] in cryptography@c2.net mail archive
RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit
daemon@ATHENA.MIT.EDU (Trei, Peter)
Fri Jul 12 14:57:54 2002
From: "Trei, Peter" <ptrei@rsasecurity.com>
To: cryptography@wasabisystems.com, cypherpunks@lne.com,
"'Lucky Green'" <shamrock@cypherpunks.to>
Date: Fri, 12 Jul 2002 11:18:12 -0400
> Lucky Green[SMTP:shamrock@cypherpunks.to]
>
>
> James wrote:
> > On 11 Jul 2002 at 1:22, Lucky Green wrote:
> > > "Trusted roots" have long been bought and sold on the
> > secondary market
> > > as any other commodity. For surprisingly low amounts, you
> > too can own
> > > a trusted root that comes pre-installed in >95% of all web browsers
> > > deployed.
> >
> > How much, typically?
>
> I'd rather not state the exact figures. A search of SEC filings may or
> may not turn up further details.
>
> > And who actually owns these numerous trusted roots?
>
> I am not sure I understand the question.
>
> --Lucky
>
I think I do. A 'second hand' root key seems to have some
trust issues - the thing you are buying is the private half
of a public key pair .... but that's just a piece of information.
How can you be sure that, as purchaser, you are the *only*
possessor of the key, and no one else has another copy (the
seller, for example)?
Peter Trei
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
