Security by asking the drunk whether he's drunk

dan at dan at
Tue Dec 23 17:23:07 EST 2008

or asking "Can I trust you?"


Slashdot and others are reporting on this story about how it was
possible for a person to receive a completely valid certificate for
a random domain of his choosing without any questions or verification.
In this case he generated a certificate for from a
reseller of the Comodo certificate authority.  I'm hoping this is
just a single instance but it makes you remember that the browser
pre-trusted certificate authorities really needs to be cleaned up.

If it's not obvious enough, this is not good for Tor users due to
the fact that we try to rely on SSL certificates to make sure that
traffic isn't sniffed while using Tor.

-Roc Tor Admin


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list