browser vendors and CAs agreeing on high-assurance certificates
Thor Lancelot Simon
tls at rek.tjls.com
Thu Dec 22 02:02:43 EST 2005
On Sun, Dec 18, 2005 at 09:47:27AM -0800, James A. Donald wrote:
>
> Has anyone been attacked through a certificate that
> would not have been issued under stricter security? The
> article does not mention any such attacks, nor have I
> ever heard of such an attack.
Ought we forget that two such certificates were issued to a party
(identity, AFAIK, still unknown) claiming to be Microsoft? What,
exactly, do you think that party's plans for those certificates
were -- and why, exactly, do you think they were inocuous?
Thor Lancelot Simon tls at rek.tjls.com
"We cannot usually in social life pursue a single value or a single moral
aim, untroubled by the need to compromise with others." - H.L.A. Hart
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list