WYTM?
Bryce O'Whielacronx
zooko at zooko.com
Thu Oct 16 19:24:46 EDT 2003
Hopefully everyone realizes this, but just for the record, I didn't write the
lines apparently attributed to me below -- I was quoting Bruce Schneier.
By the way, I strongly agree with David Honig's point that the wrong entities
are doing the signing.
Regards,
Bryce O'Whielacronx
David Honig <dahonig at cox.net> wrote:
>
> At 01:51 PM 10/16/03 -0400, Bryce O'Whielacronx wrote:
> > I doubt it. It's true that VeriSign has certified this
> man-in-the-middle
> > attack, but no one cares.
>
> Indeed, it would make sense for the original vendor website (eg Palm)
> to have signed the "MITM" site's cert (palmorder.modusmedia.com),
> not for Verisign to do so. Even better, for Mastercard to have signed
> both Palm and palmorder.modusmedia.com as well. And Mastercard to
> have printed its key's signature in my monthly paper bill.
>
>
> (This is aside your main point about it being Mastercard et al.
> doing the checking/backup for the customer, not certs.)
>
>
>
>
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list