[6841] in cryptography@c2.net mail archive
Re: CA cert chaining + 128 bit
daemon@ATHENA.MIT.EDU (Arrianto Mukti Wibowo)
Fri Mar 24 16:43:18 2000
Message-ID: <002a01bf95b2$325f7fe0$9f3d8489@muki.comp.nus.edu.sg>
Reply-To: "Arrianto Mukti Wibowo" <iscp9063@nus.edu.sg>
From: "Arrianto Mukti Wibowo" <iscp9063@nus.edu.sg>
To: "Cryptography" <cryptography@c2.net>
Date: Sat, 25 Mar 2000 00:44:00 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
-----Original Message-----
From: ericm <ericm@lne.com>
To: Kick Willemse <k.willemse@diginotar.nl>
Cc: codepunks <coderpunks@toad.com>; crypto <cryptography@c2.net>
Date: Friday, 24 March, 2000 12:58 AM
Subject: Re: CA cert chaining + 128 bit
>Automatically importing a root ca cert into the trusted cert database
>would be a massive security hole... an attacker with a bogus web site
>could simply make his own equally bogus root cert, send it to
>the browser, then authenticate as "Amazon" or whatever.
Yeaaaaah.... you got that right!
You know... I was was devising a draft for electronic signature for
Indonesia. I haven't figured out how will they make use of the new CA, since
they can't force anyone to download their root CA certificate to users'
browser.
Ah... probably for non-browser certificate :-) .... which nobody use.
-mukti
