On Fri, 5 Jan 2001, Alex Alten wrote:
>
> I guess things would get real interesting if the private key to a trusted
> intermediate or root certificate authority got stolen and published. It
> might take a while to update all the browsers out there to not accept it
> as a valid signer of server certificates.

Yeah, lots of web sites would start signing their own certificates because
they'd see no reason to fork over the $700 or whatever it is to Verisign,
then Verisign would start threatening to sue all of them for violating
trade secrets and copyright on the root key.

Ironically, it probably wouldn't have any effect on security whatsoever -
you can MITM web sites just fine anyway and just make client connections
unencrypted, hardly anyone would notice. The real security behind credit
card transactions is in the difficulty of cashing in on a whole bunch of
credit card numbers anonymously.

-Bram Cohen

"Markets can remain irrational longer than you can remain solvent"
                                        -- John Maynard Keynes

