[18274] in cryptography@c2.net mail archive
RE: Another entry in the internet security hall of shame....
daemon@ATHENA.MIT.EDU (R.A. Hettinga)
Thu Aug 25 16:57:54 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To:
<017630AA6DF2DF4EBC1DD4454F8EE29704776F1E@rsana-ex-hq1.NA.RSA.NET>
Date: Thu, 25 Aug 2005 16:28:25 -0400
To: "Trei, Peter" <ptrei@rsasecurity.com>,
"Peter Saint-Andre" <stpeter@jabber.org>, <cryptography@metzdowd.com>
From: "R.A. Hettinga" <rah@shipwright.com>
At 9:42 AM -0400 8/25/05, Trei, Peter wrote:
>Self-signed certs are only useful for showing that a given
>set of messages are from the same source - they don't provide
>any trustworthy information as to the binding of that source
>to anything.
Oddly enough, the same could be said for a hierarchically signed certificate.
;-)
Cheers,
RAH
--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
