A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

[Peter Gutmann]

"Steven M. Bellovin" <smb at cs.columbia.edu> writes:

>Is a private root key (or the equivalent signing device) an asset that can be
>acquired under bankruptcy proceedings?  Almost certainly.

Absolutely certainly.  Even before Baltimore, CA's private keys had been
bought and sold from/to third parties, usually as a result of bandruptcies or
takeovers.  You can also occasionally find lesser CA's keys left in crypto
gear sold on ebay or similar surplus-disposal channels.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com