[13582] in cryptography@c2.net mail archive


Re: An attack on paypal

daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Wed Jun 11 15:41:35 2003

X-Original-To: cryptography@metzdowd.com
Date: Wed, 11 Jun 2003 12:42:50 -0600
To: Sunder <sunder@sunder.net>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: "James A. Donald" <jamesd@echeque.com>,
	"Email List: Cypherpunks" <cypherpunks@lne.com>,
	"Email List:  Cryptography" <cryptography@metzdowd.com>
In-Reply-To: <Pine.BSO.4.21.0306111049300.463-100000@anon7.arachelian.com>

At 10:56 AM 6/11/2003 -0400, Sunder wrote:
>In either case, we wouldn't need to worry about paying Verisign or anyone
>else if we had properly secured DNS.  Then you could trust those pop-up
>self-signed SSL cert warnings.

actually, if you had a properly secured DNS .... then you could trust DNS 
to distribute public keys bound to a domain name in the same way they 
distribute ip-addresses bound to a domain name.

the certificates serve two purposes: 1) is the server that we think we are 
talking to really the server we are talking to and 2) key-exchange for 
establishing an encrypted channel. a properly secured DNS would allow 
information distributed by DNS to be trusted .... including a server's 
public key .... and given the public key .... it would be possible to do 
the rest of the SSL operation (w/o requiring certificates) which is 
establishing an agreed upon session secret key.
--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
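
Added example (not part of the original message): a sketch of the flow described above, where a trusted name lookup returns the server's public key alongside its address and the client then establishes a session key with no certificate involved. Assumptions: the `zone` dict stands in for an authenticated DNS answer, the `A`/`KEY` field names and `shop.example` are hypothetical, and toy Diffie-Hellman over a Mersenne prime replaces SSL's real key exchange so the code needs only the standard library.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group, constructed for illustration only (not a vetted group).
P = 2**521 - 1          # a Mersenne prime
G = 3
FINISHED = b"server finished"

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive(own_priv, peer_pub, client_pub):
    """Session key from the DH shared value, bound to the client's ephemeral key."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(66, "big") + client_pub.to_bytes(66, "big")).digest()

class Server:
    """Holds the private half of the key that the zone publishes for its name."""
    def __init__(self):
        self.priv, self.pub = keypair()

    def handshake(self, client_pub):
        key = derive(self.priv, client_pub, client_pub)
        return hmac.new(key, FINISHED, hashlib.sha256).digest()

def client_connect(zone, name, endpoint):
    """Return the session key if the endpoint proves it holds the published key, else None."""
    record = zone[name]                 # assumed authentic: the "properly secured DNS" premise
    eph_priv, eph_pub = keypair()
    key = derive(eph_priv, record["KEY"], eph_pub)
    proof = endpoint.handshake(eph_pub)
    expected = hmac.new(key, FINISHED, hashlib.sha256).digest()
    return key if hmac.compare_digest(proof, expected) else None

def demo():
    genuine, impostor = Server(), Server()
    # Constructed zone data: address and public key distributed under the same name.
    zone = {"shop.example": {"A": "192.0.2.10", "KEY": genuine.pub}}
    return (client_connect(zone, "shop.example", genuine),
            client_connect(zone, "shop.example", impostor))

if __name__ == "__main__":
    ok, bad = demo()
    print("genuine server:", ok.hex() if ok else None)
    print("impostor:", bad)
```

Both purposes named in the message are covered by the one lookup: the endpoint is authenticated because only the holder of the published key can produce the matching proof, and the same exchange yields the session secret.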
  

