Ben Laurie <[EMAIL PROTECTED]> writes:
> Michael Sierchio wrote:
> >
> > Carl Ellison wrote:
> >
> > > If that's not good enough for you, go to https://store.palm.com/
> > > where you have an SSL secured page. SSL prevents a man in the middle
> > > attack, right? This means your credit card info goes to Palm
> > > Computing, right? Check the certificate.
> >
> > To be fair, most commercial CA's require evidence of "right to use"
> > a FQDN in an SSL server cert. But your point is apt.
>
> And most (all?) commercial CAs then disclaim any responsibility for
> having actually checked that right correctly...
While this is true, I'd point out that all the security software
you're using disclaims any responsibility for not having gaping
security holes.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
