[12857] in cryptography@c2.net mail archive
Re: Who's afraid of Mallory Wolf?
daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Tue Mar 25 12:29:45 2003
X-Original-To: cryptography@wasabisystems.com
Date: Tue, 25 Mar 2003 10:15:00 -0700
To: Ian Grigg <iang@systemics.com>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: bear <bear@sonic.net>, <cryptography@wasabisystems.com>
In-Reply-To: <200303250017.22958.iang@systemics.com>
At 12:17 AM 3/25/2003 -0500, Ian Grigg wrote:
>I'd say, SSL with the cert protection is the
>strongest link in the chain. In fact, it's
>ludicrously strong. It's like a Chubb vault
>lock on a screen door. If we were getting
>physical here, the door wouldn't be strong
>enough to hold up the lock.

except the certification authorities ... when doing the certification of
who owns a domain name .... still ask the domain name infrastructure as to
who really owns the domain name .... when they get a request for an SSL
domain name certificate. SSL domain name certificate request after a
domain name hijack still is possible (aka a chubb vault lock with a
possible backdoor).

the other scenario that has been raised before is that the browsers treat
all certification authorities the same .... aka if the signature on the
certificate can be verified with any of the public keys in a browser's
public key table ... it is trusted. in effect, possibly 20-40 different
manufacturers of chubb vault locks .... with a wide range of business
process controls ... and all having the same possible backdoor.
Furthermore, the consumer doesn't get to choose which chubb lock is being
chosen.

--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm