Hopefully everyone realizes this, but just for the record, I didn't write the lines apparently attributed to me below -- I was quoting Bruce Schneier.
By the way, I strongly agree with David Honig's point that the wrong entities are doing the signing.

Regards,

Bryce O'Whielacronx

David Honig <[EMAIL PROTECTED]> wrote:

> At 01:51 PM 10/16/03 -0400, Bryce O'Whielacronx wrote:
> > I doubt it. It's true that VeriSign has certified this man-in-the-middle
> > attack, but no one cares.
>
> Indeed, it would make sense for the original vendor website (eg Palm)
> to have signed the "MITM" site's cert (palmorder.modusmedia.com),
> not for Verisign to do so. Even better, for Mastercard to have signed
> both Palm and palmorder.modusmedia.com as well. And Mastercard to
> have printed its key's signature in my monthly paper bill.
>
> (This is aside your main point about it being Mastercard et al.
> doing the checking/backup for the customer, not certs.)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]