[14670] in cryptography@c2.net mail archive
Re: WYTM?
daemon@ATHENA.MIT.EDU (Bryce O'Whielacronx)
Fri Oct 17 01:30:26 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: 16 Oct 2003 19:24:46 -0400
From: "Bryce O'Whielacronx" <zooko@zooko.com>
To: cryptography@metzdowd.com
In-Reply-To: Message from David Honig <dahonig@cox.net>
of "Thu, 16 Oct 2003 16:19:50 PDT." <3.0.5.32.20031016161950.00874e70@pop.west.cox.net>
Hopefully everyone realizes this, but just for the record, I didn't write the
lines apparently attributed to me below -- I was quoting Bruce Schneier.
By the way, I strongly agree with David Honig's point that the wrong entities
are doing the signing.
Regards,
Bryce O'Whielacronx
David Honig <dahonig@cox.net> wrote:
>
> At 01:51 PM 10/16/03 -0400, Bryce O'Whielacronx wrote:
> > I doubt it. It's true that VeriSign has certified this
> man-in-the-middle
> > attack, but no one cares.
>
> Indeed, it would make sense for the original vendor website (eg Palm)
> to have signed the "MITM" site's cert (palmorder.modusmedia.com),
> not for Verisign to do so. Even better, for Mastercard to have signed
> both Palm and palmorder.modusmedia.com as well. And Mastercard to
> have printed its key's signature in my monthly paper bill.
>
>
> (This is aside your main point about it being Mastercard et al.
> doing the checking/backup for the customer, not certs.)
>
>
>
>
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
