Who's afraid of Mallory Wolf?
Anne & Lynn Wheeler
lynn at garlic.com
Tue Mar 25 12:15:00 EST 2003

At 12:17 AM 3/25/2003 -0500, Ian Grigg wrote:
>I'd say, SSL with the cert protection is the
>strongest link in the chain. In fact, it's
>ludicrously strong. It's like a Chubb vault
>lock on a screen door. If we were getting
>physical here, the door wouldn't be strong
>enough to hold up the lock.

except the certification authorities ... when doing the certification of
who owns a domain name .... still asks the domain name infrastructure as to
who really owns the domain name .... when they get a request for a SSL
domain name certificate. SSL domain name certificate request after a
domain name hijack still is possible (aka a chubb vault lock with a
possible backdoor).

the other scenario that has been raised before is that the browsers treat
all certification authorities the same .... aka if the signature on the
certificate can be verified with any of the public keys in a browser's
public key table ... it is trusted. in effect, possibly 20-40 different
manufacturers of chubb vault locks .... with a wide range of business
process controls ... and all having the same possible backdoor.
Furthermore, the consumer doesn't get to choose which chubb lock is being
chosen.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com