On Thu, Feb 10, 2005 at 06:24:46PM -0500, Steven M. Bellovin wrote:
[...]
> One member of this mailing list, in a private exchange, noted that
> he had asked his bank for their certificate's fingerprint. My
> response was that I was astonished he found someone who knew what
> he was talking about.
[...]

I wrote on this list, in June 2003, the last time we had this conversation (regarding a similar plugin called SSLBar):

"Maybe this is a stupid question, but exactly how are you supposed to use this information to verify a cert? I've done an informal survey of a few financial institutions whose sites use SSL, and the number of them that were able to provide me with a fingerprint over the phone was exactly zero."

Which bank was that person you mention talking to?

-- 
- Adam

-----
** My new project --> http://www.visiognomy.com/daily
** Flagship blog --> http://www.aquick.org/blog
Hire me: [ http://www.adamfields.com/Adam_Fields_Resume.htm ]
Links: [ http://del.icio.us/fields ]
Photos: [ http://www.aquick.org/photoblog ]