[Cryptography] Commercial PKI as dog poop

Salz, Rich rsalz at akamai.com
Thu May 13 22:51:58 EDT 2021


>    I expect that if I form an SSL connection to http://www.example.com ,
>    the machine at the other end will be controlled by the owner
>    of the name http://www.example.com

>    If that expectation can easily be violated, it is a problem.

If example.com has a business arrangement with cdn.com, and that arrangement gives cdn.com the ability to use the example.com domain name, and gives the CDN the key/certificate, or the ability to get a key/cert for example.com, then there is no violation. This is how hosting services work. The entity that owns example.com contracts with other entities to provide services under the name example.com.




