CFP: PKI research workshop
Carl Ellison
cme at acm.org
Sat Jan 12 14:44:41 EST 2002
At 11:31 AM 1/12/2002 -0800, Michael Sierchio wrote:
>Carl Ellison wrote:
>
>> If that's not good enough for you, go to https://store.palm.com/
>> where you have an SSL secured page. SSL prevents a man in the
>> middle attack, right? This means your credit card info goes to
>> Palm
>> Computing, right? Check the certificate.
>
>To be fair, most commercial CA's require evidence of "right to use"
>a FQDN in an SSL server cert. But your point is apt.
I should hope they do. My point is only that I, as the relying
party, have not been shown that proof. The PKI has not conveyed that
evidence to me. The propper authorization certificate would have.
- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme at acm.org http://world.std.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list