CFP: PKI research workshop

Eric Rescorla ekr at rtfm.com
Mon Jan 14 09:37:15 EST 2002


Ben Laurie <ben at algroup.co.uk> writes:

> Michael Sierchio wrote:
> > 
> > Carl Ellison wrote:
> > 
> > > If that's not good enough for you, go to https://store.palm.com/
> > > where you have an SSL secured page.  SSL prevents a man in the middle
> > > attack, right?  This means your credit card info goes to Palm
> > > Computing, right?  Check the certificate.
> > 
> > To be fair,  most commercial CA's require evidence of "right to use"
> > a FQDN in an SSL server cert.  But your point is apt.
> 
> And most (all?) commercial CAs then disclaim any responsibility for
> having actually checked that right correctly...
While this is true, I'd point out that all the security software
you're using disclaims any responsibility for not having gaping
security holes.

-Ekr

-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list