At 01:51 PM 10/16/03 -0400, Bryce O'Whielacronx wrote:
>      I doubt it.  It's true that VeriSign has certified this
man-in-the-middle
>   attack, but no one cares.  

Indeed, it would make sense for the original vendor website (eg Palm)
to have signed the "MITM" site's cert (palmorder.modusmedia.com),
not for Verisign to do so.  Even better, for Mastercard to have signed
both Palm and palmorder.modusmedia.com as well.  And Mastercard to
have printed its key's signature in my monthly paper bill.


(This is aside your main point about it being Mastercard et al. 
doing the checking/backup for the customer, not certs.)




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to