CFP: PKI research workshop
Ben Laurie
ben at algroup.co.uk
Mon Jan 14 10:55:00 EST 2002
Eric Rescorla wrote:
>
> Ben Laurie <ben at algroup.co.uk> writes:
>
> > Michael Sierchio wrote:
> > >
> > > Carl Ellison wrote:
> > >
> > > > If that's not good enough for you, go to https://store.palm.com/
> > > > where you have an SSL secured page. SSL prevents a man in the middle
> > > > attack, right? This means your credit card info goes to Palm
> > > > Computing, right? Check the certificate.
> > >
> > > To be fair, most commercial CA's require evidence of "right to use"
> > > a FQDN in an SSL server cert. But your point is apt.
> >
> > And most (all?) commercial CAs then disclaim any responsibility for
> > having actually checked that right correctly...
> While this is true, I'd point out that all the security software
> you're using disclaims any responsibility for not having gaping
> security holes.
I have the source to all the security software I'm using... in fact, I
wrote quite a lot of it :-)
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list