On 13 Dec 1999 18:40:02 - lcs Mixmaster Remailer [EMAIL PROTECTED] writes:
While this is true, keep in mind that there is more to mounting
a successful cryptographic attack than adding root keys and fake
certificates. It is also necessary to intercept the messages which
might
Carl Ellison and Bruce Schneier write:
Certificate verification does not use a secret key, only public keys.
Therefore, there are no secrets to protect. However, it does use one
or more "root" public keys. If the attacker can add his own public
key to that list, then he can issue his own
Ten Risks of PKI: What You're not Being Told about Public Key
Infrastructure By Carl Ellison and Bruce Schneier
Computer security has been victim of the "year of the..." syndrome.
First it was firewalls, then intrusion detection systems, then VPNs,
and now certification author
[One more time, for the non-linefeed impaired. Musta been a great Christmas
party, that... :-)]
Ten Risks of PKI: What You're not Being Told about Public Key
Infrastructure By Carl Ellison and Bruce Schneier
Computer security has been victim of the "year of the..." syndr
BPM Mixmaster Remailer wrote:
By using this generic term "PKI" the authors leave a great deal of
confusion about which systems they are criticizing. Some of their
"risks", such as the one quoted above, would apply to all of these
PKIs, including SPKI. Others are more specific to current
At 06:40 PM 12/13/99 -, lcs Mixmaster Remailer wrote:
However this is just the first step in an effective compromise. Now you
need to get him to use a bogus certificate when he thinks he is using
a good one. He tries to connect to a secure
Carl Ellison writes:
The Bloomberg attack didn't require connection hijacking. All that attacker
did was post a newsgroup message with a URL in it.
This is presumably a reference to the incident described in
http://news.cnet.com/news/0-1005-200-341267.html, where a PairGain
employee