[jdev] Re: TLS and self-signed certs

2004-11-18 Thread Peter Saint-Andre
In article <[EMAIL PROTECTED]>, Neil Stevens <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Thursday 18 November 2004 10:07 am, David Waite wrote: > > Nothing can be done without trust. We are using Verisign today as a > > trusted body for providing correct D

[jdev] Re: TLS and self-signed certs

2004-11-18 Thread Neil Stevens
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 18 November 2004 10:07 am, David Waite wrote: > Nothing can be done without trust. We are using Verisign today as a > trusted body for providing correct DNS records and references. Funny business in DNS is easy to detect. Funny business i

[jdev] Re: TLS and self-signed certs

2004-11-18 Thread Peter Saint-Andre
In article <[EMAIL PROTECTED]>, Jacek Konieczny <[EMAIL PROTECTED]> wrote: > On Thu, Nov 18, 2004 at 09:33:05AM -0800, JD Conley wrote: > > If an attacker attempts to connect and provides a certificate that is > > not on record for the host they are claiming to be, a dialback is > > performed aga

[jdev] Re: TLS and self-signed certs

2004-11-18 Thread Peter Saint-Andre
In article <[EMAIL PROTECTED]>, David Waite <[EMAIL PROTECTED]> wrote: > > One man's trusted body is another man's corruptible agency. > Nothing can be done without trust. We are using Verisign today as a > trusted body for providing correct DNS records and references. Shyeah, speaking of corru

Re: [jdev] Re: TLS and self-signed certs

2004-11-18 Thread David Waite
Nothing can be done without trust. We are using Verisign today as a trusted body for providing correct DNS records and references. -David Waite On Thu, 18 Nov 2004 05:14:02 -0800, Neil Stevens <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Thursday 18 Novembe

Re: [jdev] Re: TLS and self-signed certs

2004-11-18 Thread Jacek Konieczny
On Thu, Nov 18, 2004 at 09:33:05AM -0800, JD Conley wrote: > If an attacker attempts to connect and provides a certificate that is > not on record for the host they are claiming to be, a dialback is > performed against the authority of the host. The attacker, unless they > have control of DNS or t

RE: [jdev] Re: TLS and self-signed certs

2004-11-18 Thread JD Conley
> -Original Message- > From: Matthias Wimmer [mailto:[EMAIL PROTECTED] > Hi JD! > > JD Conley wrote on 2004-11-12 09:18:46: > > > Not sure ... there are valid reasons to change your s2s certificate: > > > > > > - Key expired > > > - Key has been compromised > > > - Key has been lost >

[jdev] Re: TLS and self-signed certs

2004-11-18 Thread Neil Stevens
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 18 November 2004 04:38 am, Matthias Wimmer wrote: > Having a trusted body like the JSF, that acts as a registry/CA might be > a solution and I am looking forward to seeing Peter's proposal ... the > remaining problem might be to verify if some

Re: [jdev] Re: TLS and self-signed certs

2004-11-18 Thread Matthias Wimmer
Hi JD! JD Conley wrote on 2004-11-12 09:18:46: > > Not sure ... there are valid reasons to change your s2s certificate: > > > > - Key expired > > - Key has been compromised > > - Key has been lost > > > > Well, if the cert changed you could then "verify" the key again with a > dialback and re