Eric Rescorla wrote: > > Ben Laurie <[EMAIL PROTECTED]> writes: > > > Michael Sierchio wrote: > > > > > > Carl Ellison wrote: > > > > > > > If that's not good enough for you, go to https://store.palm.com/ > > > > where you have an SSL secured page. SSL prevents a man in the middle > > > > attack, right? This means your credit card info goes to Palm > > > > Computing, right? Check the certificate. > > > > > > To be fair, most commercial CA's require evidence of "right to use" > > > a FQDN in an SSL server cert. But your point is apt. > > > > And most (all?) commercial CAs then disclaim any responsibility for > > having actually checked that right correctly... > While this is true, I'd point out that all the security software > you're using disclaims any responsibility for not having gaping > security holes.
I have the source to all the security software I'm using... in fact, I wrote quite a lot of it :-) Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
