WYTM?

David Honig dahonig at cox.net
Thu Oct 16 19:19:50 EDT 2003


At 01:51 PM 10/16/03 -0400, Bryce O'Whielacronx wrote:
>      I doubt it.  It's true that VeriSign has certified this
man-in-the-middle
>   attack, but no one cares.  

Indeed, it would make sense for the original vendor website (eg Palm)
to have signed the "MITM" site's cert (palmorder.modusmedia.com),
not for Verisign to do so.  Even better, for Mastercard to have signed
both Palm and palmorder.modusmedia.com as well.  And Mastercard to
have printed its key's signature in my monthly paper bill.


(This is aside your main point about it being Mastercard et al. 
doing the checking/backup for the customer, not certs.)




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list