New toy: SSLbar

Barney Wolff barney at databus.com
Wed Jul 2 15:23:13 EDT 2003


On Wed, Jul 02, 2003 at 11:05:08AM -0700, James A. Donald wrote:
> 
> In practice, if people were able to ensure they saw the same
> cert every time they hit what is purportedly the same site,
> this would take out most scams.

What's wrong with the ssh known-hosts approach, for this?  Do sites
change certs more often than sshd changes host keys?  Given how much
crap browsers cache already, this wouldn't seem to add much.

Of course it wouldn't help when using a public client host, but anybody
doing that for confidential web access is wide open anyway.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
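
The known-hosts idea raised in the message above, applied to TLS certificates, as an added example that is not part of the original post or any browser's code. The one-line-per-host file format, the function names and the sample host are assumptions made for illustration; the "certificates" in demo() are constructed byte strings.

```python
import hashlib
import os
import ssl
import tempfile

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, the value that gets pinned."""
    return "sha256:" + hashlib.sha256(der).hexdigest()

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch a server's leaf certificate as DER (no chain validation; needs network)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def load_pins(path: str) -> dict:
    """Read 'host:port fingerprint' lines, skipping blanks and # comments."""
    pins = {}
    if os.path.exists(path):
        with open(path) as f:
            for line in f:
                line = line.strip()
                if line and not line.startswith("#"):
                    name, fp = line.split()
                    pins[name] = fp
    return pins

def check_cert(path: str, host: str, port: int, der: bytes) -> str:
    """Return 'new', 'match' or 'changed'. A changed cert never replaces the pin."""
    name = f"{host.lower()}:{port}"
    fp = fingerprint(der)
    pins = load_pins(path)
    if name not in pins:
        with open(path, "a") as f:          # trust on first use
            f.write(f"{name} {fp}\n")
        return "new"
    return "match" if pins[name] == fp else "changed"

def demo() -> list:
    cert_a = b"constructed-cert-A"          # constructed stand-ins for DER certs
    cert_b = b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "known_certs")
        return [check_cert(path, "shop.example", 443, cert_a),   # first visit
                check_cert(path, "SHOP.example", 443, cert_a),   # same cert again
                check_cert(path, "shop.example", 443, cert_b),   # different cert
                check_cert(path, "shop.example", 443, cert_a)]   # pin was kept

if __name__ == "__main__":
    print(demo())
```

A legitimate certificate renewal also comes back as 'changed', which is the case the question about how often sites change certs is asking about.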


