A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Feb 10 20:16:56 EST 2005
"Steven M. Bellovin" <smb at cs.columbia.edu> writes:
>Is a private root key (or the equivalent signing device) an asset that can be
>acquired under bankruptcy proceedings? Almost certainly.
Absolutely certainly. Even before Baltimore, CA's private keys had been
bought and sold from/to third parties, usually as a result of bandruptcies or
takeovers. You can also occasionally find lesser CA's keys left in crypto
gear sold on ebay or similar surplus-disposal channels.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list