At 02:24 PM 06/11/2003 -0700, David Honig wrote:
At 12:42 PM 6/11/03 -0600, Anne & Lynn Wheeler wrote:
>actually, if you had a properly secured DNS .... then you could trust DNS
>to distribute public keys bound to a domain name in the same way they
>distribute ip-addresses bound to a domain name.
Adding PKeys to Yellow Pages merely lets you get scammed *confidentially*.

Unfortunately, that doesn't help you against wetware attacks - the "" and "" web sites can have valid certs, and your browser is unlikely to notice that they're different from the certs at the sites "" and "" because they've got different domain names. So it won't notice that the certs have changed, because they haven't, they're just the new certs for the new websites. And client-side certs won't help, because the bogus sites can happily accept them or ignore them.

An e-gold-specific or paypal-specific client can tell,
because it can remember that it's trying to see the real thing,
but the browser can't tell, except by bugging you with a
"Hi, this is a new site that's giving us a new cert" placebo box.

The Cryptography Mailing List
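The contrast drawn in the message above, between a generic browser check and a site-specific client that remembers what the real thing is, shown as an added example that is not part of the original message. It is a constructed Python model: the names `pay.example` and `pay-secure.example`, the `Cert` and `SiteClient` classes, and pinning by SHA-256 fingerprint are assumptions for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Stand-in for a server certificate (constructed model, not real X.509)."""
    dns_names: tuple              # subjectAltName DNS entries
    der: bytes                    # placeholder for the encoded certificate
    chains_to_trusted_ca: bool = True

def fingerprint(cert):
    return hashlib.sha256(cert.der).hexdigest()

def name_matches(pattern, host):
    """Exact match, or a wildcard covering only the leftmost label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def browser_accepts(host_in_url, cert):
    """Generic check: is this a valid cert for whatever name is in the URL?"""
    return cert.chains_to_trusted_ca and any(
        name_matches(n, host_in_url) for n in cert.dns_names)

class SiteClient:
    """Site-specific client: knows in advance which host and cert it wants."""
    def __init__(self, expected_host, pinned_fingerprint):
        self.expected_host = expected_host
        self.pin = pinned_fingerprint

    def accepts(self, host_in_url, cert):
        if host_in_url.lower().rstrip(".") != self.expected_host:
            return False          # any other name is refused, valid cert or not
        if not browser_accepts(host_in_url, cert):
            return False
        return hmac.compare_digest(fingerprint(cert), self.pin)

# Constructed sample data: reserved .example names and placeholder cert bytes.
REAL = Cert(("pay.example", "*.pay.example"), b"constructed-cert-real")
LOOKALIKE = Cert(("pay-secure.example",), b"constructed-cert-lookalike")
CLIENT = SiteClient("pay.example", fingerprint(REAL))

def demo():
    return {"browser_real": browser_accepts("pay.example", REAL),
            "browser_lookalike": browser_accepts("pay-secure.example", LOOKALIKE),
            "client_real": CLIENT.accepts("pay.example", REAL),
            "client_lookalike": CLIENT.accepts("pay-secure.example", LOOKALIKE)}
```

The browser-style check passes both sites because each certificate is valid for its own name; only the client that remembers the expected host and fingerprint rejects the lookalike.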