>>>>> "Patrick" == Patrick Cable <[email protected]> writes:

Patrick> Other thoughts: Does CBcrypt require that the client machine
Patrick> not be compromised? How about the confidentiality/integrity
Patrick> of the link when the public key component is first sent to
Patrick> the provider (yay MITMing with a different key)? It seems
Patrick> like you are putting a lot of trust into DNS, which isn't a
Patrick> very trustworthy service to begin with (but we all do that a
Patrick> lot today anyways; still worth noting)

This is a great comment here, because I just spent an inordinate
amount of time fixing my father-in-law's laptop due to some virus
changing his DNS settings to point him to a bogus set of DNS servers
which were doing MinM attacks on him and showing bogus
flash/javascript warnings in his browsers.

I should *really* have remembered to turn on HTTPS Everywhere in his
browser, but the one web site he really wants to go to uses an invalid
Cert. Sigh....

John
