[65706] in North American Network Operators' Group
Re: Does your Certifying Authority have a clue who you are? Do they care?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Dec 5 12:28:09 2003
To: Adi Linden <adil@adis.on.ca>
Cc: nanog@nanog.org
In-Reply-To: Your message of "Fri, 05 Dec 2003 10:26:33 CST."
<Pine.LNX.4.44.0312051026060.23831-100000@adibox.knet.ca>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 05 Dec 2003 12:27:26 -0500
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
> > So what does the PKI actually buy you that using a throwaway self-signed cert
> > doesn't provide?
>
> No popup box on the browser asking to accept the certificate.

"Pay us $1,000 or we'll annoy your users with popups".

Sounds suspiciously like the extortion angle used recently against somebody who
was using Windows Messenger pop-up spam to advertise their "stop pop-up spam"
product.

I'm however missing the actual security angle (remember that the lack of a
warning doesn't mean you actually connected securely with who you thought you
did).