[8093] in cryptography@c2.net mail archive
Re: Public Key Infrastructure: An Artifact...
daemon@ATHENA.MIT.EDU (Ben Laurie)
Sun Nov 19 11:10:34 2000
Message-ID: <3A17C2C7.CDEEE753@algroup.co.uk>
Date: Sun, 19 Nov 2000 12:08:39 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: Lynn.Wheeler@firstdata.com
Cc: Bram Cohen <bram@gawth.com>, obfuscation@beta.freedom.net,
rah@shipwright.com, cryptography@c2.net, cypherpunks@cyberpass.net,
dbs@philodox.com, dcsb@ai.mit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Lynn.Wheeler@firstdata.com wrote:
>
> the current SSL domain name infrastructure supposedly exists because of issues
> with trusting the domain name infrastructure ... except the SSL domain name
> certificate issuer has to trust the same (untrusted) domain name infrastructure
> when issuing a certificate (i.e. the SSL domain name certificate is no better
> than the authentication authority that the certificate authority has to rely on
> as the final arbitrator of domain name ownership).
>
> one of the integrity issues with the domain name infrastructure ... is that
> domain names have been hijacked ... once hijacked ... you can go to certificate
> authority and get a certificate with that domain name (and the certificate
> authority will check with the domain name system and confirm that the requester
> owns the domain name).

The difference is that a CA _also_ binds the certificate to a legal
entity. When the fraud is discovered, the identity of the fraudster is,
too.

[I see you've never paid attention to how easy it is to get a
certificate, Ben. I suspect I could get one in the name of any company
with about 20 minutes of unskilled forgery. The level of checking done
is trivial. This wouldn't be a problem except for the fact that all
CAs disclaim any and all liability for practical purposes. --Perry]

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff