Larry Chin wrote:
>
> [Snip]
> This network attack is known as the Man In The Middle Attack, and is made
> possible because Public Key encryption relies upon users implicitly
> trusting whatever message they receive from a system claiming to be the
> Certificate Authority. There is no method to prove the identity of the
> Certificate Authority.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> This potential security risk is also the reason why many secure sites,
> such as military sites, will not use Public Key encryption.
>
Hmm? Pardon me if I'm entirely wrong, but isn't that what CA
certificates are all about?
In the case of web browsers, they come pre-installed with
a number of public keys related to a number of well-known
CA's, and may be used to verify the authenticity of what
is received from the CA.
?
I'm not an expert in this field, but this is what I
(have been lead to?) believe.
Regards,
Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
