Hopefully everyone realizes this, but just for the record, I didn't write the 
lines apparently attributed to me below -- I was quoting Bruce Schneier.

By the way, I strongly agree with David Honig's point that the wrong entities 
are doing the signing.


Bryce O'Whielacronx

David Honig <[EMAIL PROTECTED]> wrote:
> At 01:51 PM 10/16/03 -0400, Bryce O'Whielacronx wrote:
> > I doubt it.  It's true that VeriSign has certified this
> > man-in-the-middle attack, but no one cares.
> Indeed, it would make sense for the original vendor website (e.g. Palm)
> to have signed the "MITM" site's cert (palmorder.modusmedia.com),
> not for Verisign to do so.  Even better, for Mastercard to have signed
> both Palm and palmorder.modusmedia.com as well.  And Mastercard to
> have printed its key's signature in my monthly paper bill.
> (This is aside from your main point about it being Mastercard et al.
> doing the checking/backup for the customer, not certs.)

