Security by asking the drunk whether he's drunk
dan at geer.org
dan at geer.org
Tue Dec 23 17:23:07 EST 2008
or asking "Can I trust you?"
-------------------------------------------------------
http://blog.startcom.org/?p=145
Slashdot and others are reporting on this story about how it was
possible for a person to receive a completely valid certificate for
a random domain of his choosing without any questions or verification.
In this case he generated a certificate for mozilla.com from a
reseller of the Comodo certificate authority. I'm hoping this is
just a single instance but it makes you remember that the browser
pre-trusted certificate authorities really needs to be cleaned up.
If it's not obvious enough, this is not good for Tor users due to
the fact that we try to rely on SSL certificates to make sure that
traffic isn't sniffed while using Tor.
-Roc Tor Admin
-------------------------------------------------------
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list