Hi JD!
JD Conley wrote on 2004-11-12 09:18:46:
Not sure ... there are valid reasons to change your s2s certificate:
- Key expired
- Key has been compromised
- Key has been lost
Well, if the cert changed you could then verify the key again with a
dialback and reset the cache if
On Thursday 18 November 2004 04:38 am, Matthias Wimmer wrote:
Having a trusted body like the JSF, that acts as a registry/CA might be
a solution and I am looking forward to see Peter's proposal ... the
remaining problem might be to verify if
-Original Message-
From: Matthias Wimmer [mailto:[EMAIL PROTECTED]
Hi JD!
JD Conley wrote on 2004-11-12 09:18:46:
Not sure ... there are valid reasons to change your s2s
certificate:
- Key expired
- Key has been compromised
- Key has been lost
Well, if the
On Thu, Nov 18, 2004 at 09:33:05AM -0800, JD Conley wrote:
If an attacker attempts to connect and provides a certificate that is
not on record for the host they are claiming to be, a dialback is
performed against the authority of the host. The attacker, unless they
have control of DNS or the
Nothing can be done without trust. We are using Verisign today as a
trusted body for providing correct DNS records and references.
-David Waite
On Thu, 18 Nov 2004 05:14:02 -0800, Neil Stevens [EMAIL PROTECTED] wrote:
On Thursday 18 November
In article [EMAIL PROTECTED],
David Waite [EMAIL PROTECTED] wrote:
One man's trusted body is another man's corruptible agency.
Nothing can be done without trust. We are using Verisign today as a
trusted body for providing correct DNS records and references.
Shyeah, speaking of corruptible
In article [EMAIL PROTECTED],
Jacek Konieczny [EMAIL PROTECTED] wrote:
On Thu, Nov 18, 2004 at 09:33:05AM -0800, JD Conley wrote:
If an attacker attempts to connect and provides a certificate that is
not on record for the host they are claiming to be, a dialback is
performed against the
On Thursday 18 November 2004 10:07 am, David Waite wrote:
Nothing can be done without trust. We are using Verisign today as a
trusted body for providing correct DNS records and references.
Funny business in DNS is easy to detect. Funny business in
In article [EMAIL PROTECTED],
Neil Stevens [EMAIL PROTECTED] wrote:
On Thursday 18 November 2004 10:07 am, David Waite wrote:
Nothing can be done without trust. We are using Verisign today as a
trusted body for providing correct DNS records