Michael Sierchio <[EMAIL PROTECTED]> writes:
> Carl Ellison wrote:
>
> > If that's not good enough for you, go to https://store.palm.com/
> > where you have an SSL secured page. SSL prevents a man in the middle
> > attack, right? This means your credit card info goes to Palm
> > Computing, right? Check the certificate.
>
> To be fair, most commercial CA's require evidence of "right to use"
> a FQDN in an SSL server cert. But your point is apt.
Yes, but it only takes one of the hundreds of CAs to fail to make
this check and the whole system fails. C.f. Verisign signing a
fake MicroSoft cert last year....
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
