Another entry in the internet security hall of shame....

Steve Furlong demonfighter at gmail.com
Thu Aug 25 16:31:01 EDT 2005


On 8/25/05, Trei, Peter <ptrei at rsasecurity.com> wrote:

> Self-signed certs are only useful for showing that a given
> set of messages are from the same source - they don't provide
> any trustworthy information as to the binding of that source
> to anything.

Which is just fine. Pseudonymity is good.

If, hypothetically, I were interested in writing and distributing
crypto source code which skated right at the edge of current US export
regs, I might want to let users verify that the updates came from the
same source as the original, without giving them or any gov't
busybodies the ability to trace the code back to me.

-- 
There are no bad teachers, only defective children.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
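
Added example, not part of the original message: a sketch of the key-continuity check discussed above, in which a user pins the public key from a self-signed certificate at first download and later accepts an update only if it verifies under that same key. The handle "anon-dev", the function names and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newPseudonym makes a key pair and a self-signed cert that names only a handle.
func newPseudonym(handle string) (ed25519.PrivateKey, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: handle},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return priv, der, err
}

// keyOf parses a cert and returns its public key plus the SHA-256 of its SPKI (the pin).
func keyOf(certDER []byte) (ed25519.PublicKey, [32]byte, bool) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, [32]byte{}, false
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return pub, sha256.Sum256(cert.RawSubjectPublicKeyInfo), ok
}

// sameSource reports whether update was signed by the pinned key; it says nothing about who holds it.
func sameSource(pinned [32]byte, certDER, update, sig []byte) bool {
	pub, got, ok := keyOf(certDER)
	return ok && got == pinned && ed25519.Verify(pub, update, sig)
}

func sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }

func main() {
	priv, cert, _ := newPseudonym("anon-dev") // constructed handle
	_, p, _ := keyOf(cert)                    // pin recorded at first download
	fmt.Println(sameSource(p, cert, []byte("v1.1"), sign(priv, []byte("v1.1"))))
}
```

The subject name in the certificate plays no part in the check: a second certificate carrying the same handle but a different key fails the pin comparison.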