Who's afraid of Mallory Wolf?

bear bear at sonic.net
Tue Mar 25 12:28:58 EST 2003



On Tue, 25 Mar 2003, Anne & Lynn Wheeler wrote:

>the other scenario that has been raised before is that the browsers treat
>all certification authorities the same .... aka if the signature on the
>certificate can be verified with any of the public keys in a browser's
>public key table ... it is trusted. in effect, possibly 20-40 different
>manufacturers of chubb vault locks .... with a wide range of business
>process controls ... and all having the same possible backdoor.
>Furthermore, the consumer doesn't get to choose which chubb lock is being
>chosen.

Of course the consumer gets to make that choice.  I can go into my browser's
keyring and delete root certs that have been sold, ever.  And I routinely
do.  A fair number of sites don't work for me anymore, but I'm okay with
that.

			Bear


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


