[16890] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Feb 16 07:57:13 2005

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: herzbea@macs.biu.ac.il, smb@cs.columbia.edu
Cc: cryptography@metzdowd.com, iang@systemics.com
In-Reply-To: <20050210232446.C8FAA3C025A@berkshire.machshav.com>
Date: Fri, 11 Feb 2005 14:16:56 +1300

"Steven M. Bellovin" <smb@cs.columbia.edu> writes:

>Is a private root key (or the equivalent signing device) an asset that can be
>acquired under bankruptcy proceedings?  Almost certainly.

Absolutely certainly.  Even before Baltimore, CA's private keys had been
bought and sold from/to third parties, usually as a result of bandruptcies or
takeovers.  You can also occasionally find lesser CA's keys left in crypto
gear sold on ebay or similar surplus-disposal channels.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[16890] in cryptography@c2.net mail archive

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

daemon@ATHENA.MIT.EDU (Peter Gutmann)Wed Feb 16 07:57:13 2005

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Feb 16 07:57:13 2005