[19365] in cryptography@c2.net mail archive
Re: browser vendors and CAs agreeing on high-assurance certificates
daemon@ATHENA.MIT.EDU (Thor Lancelot Simon)
Thu Dec 22 11:36:27 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 22 Dec 2005 02:02:43 -0500
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: cryptography@metzdowd.com
Reply-To: tls@rek.tjls.com
In-Reply-To: <43A5302F.24812.6E83E65@localhost>
On Sun, Dec 18, 2005 at 09:47:27AM -0800, James A. Donald wrote:
>
> Has anyone been attacked through a certificate that
> would not have been issued under stricter security? The
> article does not mention any such attacks, nor have I
> ever heard of such an attack.
Ought we forget that two such certificates were issued to a party
(identity, AFAIK, still unknown) claiming to be Microsoft? What,
exactly, do you think that party's plans for those certificates
were -- and why, exactly, do you think they were inocuous?
Thor Lancelot Simon tls@rek.tjls.com
"We cannot usually in social life pursue a single value or a single moral
aim, untroubled by the need to compromise with others." - H.L.A. Hart
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
