CFP: PKI research workshop
Eric Rescorla
ekr at rtfm.com
Sat Jan 12 14:02:12 EST 2002
Carl Ellison <cme at acm.org> writes:
> If that's not good enough for you, go to https://store.palm.com/
> where you have an SSL secured page. SSL prevents a man in the middle
> attack, right? This means your credit card info goes to Palm
> Computing, right?
No. It means that your credit card info goes to people who have
been authorized to use the domain name "store.palm.com". The
certificate reflects that. This appears to be a case of
outsourcing.
> Check the certificate.
Is your claim that Modus Media is NOT authorized to operate
"store.palm.com"?
-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list