[13750] in cryptography@c2.net mail archive


Re: New toy: SSLbar

daemon@ATHENA.MIT.EDU (Barney Wolff)
Wed Jul 2 15:54:47 2003

X-Original-To: cryptography@metzdowd.com
Date: Wed, 2 Jul 2003 15:23:13 -0400
From: Barney Wolff <barney@databus.com>
To: "James A. Donald" <jamesd@echeque.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <3F02BC64.24111.932FC94@localhost>

On Wed, Jul 02, 2003 at 11:05:08AM -0700, James A. Donald wrote:
> 
> In practice, if people were able to ensure they saw the same
> cert every time they hit what is purportedly the same site,
> this would take out most scams.

What's wrong with the ssh known-hosts approach, for this?  Do sites
change certs more often than sshd changes host keys?  Given how much
crap browsers cache already, this wouldn't seem to add much.

Of course it wouldn't help when using a public client host, but anybody
doing that for confidential web access is wide open anyway.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
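The ssh known-hosts approach discussed in this message, sketched as a trust-on-first-use store for TLS server certificates. This is an added example, not code from the original mail or from SSLbar: the two certificates are constructed byte strings standing in for DER-encoded certs (a real client would take the bytes from `ssl.SSLSocket.getpeercert(binary_form=True)`), and the `host:port SHA256:...` file format is chosen here by analogy to OpenSSH, not taken from any browser.

```python
import base64
import hashlib
import hmac
import tempfile
from pathlib import Path
from typing import Dict, List

# Known-hosts-style store for TLS certificates: "host:port" -> fingerprint.
# Added example; the certs below are constructed stand-ins, not real DER.


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the DER certificate, rendered the way OpenSSH prints fingerprints."""
    digest = hashlib.sha256(cert_der).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def load_known_hosts(path: Path) -> Dict[str, str]:
    """Parse 'host:port SHA256:...' lines; blank lines and '#' comments are skipped."""
    known: Dict[str, str] = {}
    if not path.exists():
        return known
    for line in path.read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, fp = line.split(None, 1)
        known[host] = fp.strip()
    return known


def save_known_hosts(path: Path, known: Dict[str, str]) -> None:
    """Write the store back out, one entry per line, sorted for stable diffs."""
    lines = [f"{host} {fp}" for host, fp in sorted(known.items())]
    path.write_text("\n".join(lines) + "\n")


def check_host(known: Dict[str, str], host: str, port: int, cert_der: bytes) -> str:
    """Trust-on-first-use check, the same decision ssh makes for host keys.

    Returns 'first-seen' (fingerprint recorded), 'match', or 'MISMATCH'.
    A MISMATCH is never auto-overwritten: as with ssh, the stale entry has to
    be removed by hand once the user has confirmed the site really changed cert.
    """
    key = f"{host}:{port}"
    fp = fingerprint(cert_der)
    seen = known.get(key)
    if seen is None:
        known[key] = fp
        return "first-seen"
    if hmac.compare_digest(seen.encode("ascii"), fp.encode("ascii")):
        return "match"
    return "MISMATCH"


# Constructed stand-ins for two different certificates presented for one site.
CERT_A = b"\x30\x82\x01\x00constructed-cert-example.com-2003"
CERT_B = b"\x30\x82\x01\x00constructed-cert-example.com-changed"


def demo() -> List[str]:
    """Three visits to one host: first-use record, repeat match, then a swapped cert."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "known_hosts"
        verdicts: List[str] = []
        for cert in (CERT_A, CERT_A, CERT_B):
            # Re-read the store on every visit, as a browser would across sessions.
            known = load_known_hosts(path)
            verdicts.append(check_host(known, "example.com", 443, cert))
            save_known_hosts(path, known)
        # The stored entry still holds the first cert: the mismatch did not overwrite it.
        assert load_known_hosts(path)["example.com:443"] == fingerprint(CERT_A)
        return verdicts


if __name__ == "__main__":
    print(demo())  # ['first-seen', 'match', 'MISMATCH']
```

The check deliberately cannot distinguish a legitimate certificate rotation from a substituted certificate; both come back as MISMATCH, which is exactly the trade-off the question about how often sites change certs is getting at. The store also keys on host and port, so a site that serves different certificates on different ports does not trip the check against itself.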

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
