> Lucky Green[SMTP:[EMAIL PROTECTED]] > > > James wrote: > > On 11 Jul 2002 at 1:22, Lucky Green wrote: > > > "Trusted roots" have long been bought and sold on the > > secondary market > > > as any other commodity. For surprisingly low amounts, you > > too can own > > > a trusted root that comes pre-installed in >95% of all web browsers > > > deployed. > > > > How much, typically? > > I'd rather not state the exact figures. A search of SEC filings may or > may not turn up further details. > > > And who actually owns these numerous trusted roots? > > I am not sure I understand the question. > > --Lucky > I think I do. A 'second hand' root key seems to have some trust issues - the thing you are buying is the private half of a public key pair .... but that's just a piece of information. How can you be sure that, as purchaser, you are the *only* possessor of the key, and no one else has another copy (the seller, for example)?
Peter Trei