[12861] in cryptography@c2.net mail archive
Re: Who's afraid of Mallory Wolf?
daemon@ATHENA.MIT.EDU (bear)
Tue Mar 25 12:35:21 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Tue, 25 Mar 2003 09:28:58 -0800 (PST)
From: bear <bear@sonic.net>
To: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: Ian Grigg <iang@systemics.com>, <cryptography@wasabisystems.com>
In-Reply-To: <4.2.2.20030325100549.00b5cac0@mail.earthlink.net>
On Tue, 25 Mar 2003, Anne & Lynn Wheeler wrote:
>the other scenario that has been raised before is that the browsers treat
>all certification authorities the same .... aka if the signature on the
>certificate can be verified with any of the public keys in a browser's
>public key table ... it is trusted. in effect, possibly 20-40 different
>manufactures of chubb vault locks .... with a wide range of business
>process controls ... and all having the same possible backdoor.
>Furthermore, the consumer doesn't get to choose which chubb lock is being
>chosen.
Of course the consumer gets to make that choice. I can go into my browser's
keyring and delete root certs that have been sold, ever. And I routinely
do. A fair number of sites don't work for me anymore, but I'm okay with
that.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
