[10104] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Jan 14 09:51:33 2002
To: Ben Laurie <ben@algroup.co.uk>
Cc: kudzu@tenebras.com, Carl Ellison <cme@acm.org>,
Phillip Hallam-Baker <hallam@ai.mit.edu>,
SPKI Mailing List <spki@wasabisystems.com>,
cryptography@wasabisystems.com
Reply-To: EKR <ekr@rtfm.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla <ekr@rtfm.com>
Date: 14 Jan 2002 06:37:15 -0800
In-Reply-To: Ben Laurie's message of "Mon, 14 Jan 2002 09:55:42 +0000"
Message-ID: <kj1ygtc82s.fsf@romeo.rtfm.com>
Ben Laurie <ben@algroup.co.uk> writes:
> Michael Sierchio wrote:
> >
> > Carl Ellison wrote:
> >
> > > If that's not good enough for you, go to https://store.palm.com/
> > > where you have an SSL secured page. SSL prevents a man in the middle
> > > attack, right? This means your credit card info goes to Palm
> > > Computing, right? Check the certificate.
> >
> > To be fair, most commercial CA's require evidence of "right to use"
> > a FQDN in an SSL server cert. But your point is apt.
>
> And most (all?) commercial CAs then disclaim any responsibility for
> having actually checked that right correctly...
While this is true, I'd point out that all the security software
you're using disclaims any responsibility for not having gaping
security holes.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
