[114375] in cryptography@c2.net mail archive


Re: Fixing SSL

daemon@ATHENA.MIT.EDU (Werner Koch)
Thu Jan 31 16:18:03 2008

From: Werner Koch <wk@gnupg.org>
To: Philipp Gühring <pg@futureware.at>
Cc: Eric Rescorla <ekr@networkresonance.com>,  Cryptography <cryptography@metzdowd.com>,  Rasika Dayarathna <dayarathna@gmail.com>
Date: Thu, 31 Jan 2008 21:24:23 +0100
In-Reply-To: <200801310304.01613.pg@futureware.at> ("Philipp Gühring"'s
	message of "Thu, 31 Jan 2008 03:04:00 +0100")

On Thu, 31 Jan 2008 03:04, pg@futureware.at said:

> If you want a "public" example of client certificate usage:
> https://secure.cacert.org/
> (You need a (free) client certificate from www.CAcert.org to be able to access 

Which has the problem that you may use any certificate you ever created
with cacert.org to log in.  Even certificates created for demo purposes
with published private keys.  That was the case up until a year ago; I
don't know whether this has been changed.  I was a bit surprised about
such a security flaw.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com