On Wed, Jul 02, 2003 at 11:05:08AM -0700, James A. Donald wrote:
> In practice, if people were able to ensure they saw the same
> cert every time they hit what is purportedly the same site,
> this would take out most scams.

What's wrong with the ssh known-hosts approach, for this?  Do sites
change certs more often than sshd changes host keys?  Given how much
crap browsers cache already, this wouldn't seem to add much.

Of course it wouldn't help when using a public client host, but anybody
doing that for confidential web access is wide open anyway.

Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
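
The ssh known-hosts approach asked about above, applied to site certificates, as an added example that is not part of the original post. The class name `KnownCerts`, the JSON store file and the sample host are hypothetical, and the certificate bytes are constructed stand-ins for DER certificates.

```python
import hashlib
import hmac
import json
import os
import tempfile

class KnownCerts:
    """known_hosts-style store: host:port -> SHA-256 of the server's DER certificate."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, host, port, der_cert):
        """Return 'new', 'match' or 'mismatch' for the certificate a site presented."""
        key = f"{host.lower()}:{port}"
        seen = hashlib.sha256(der_cert).hexdigest()
        pinned = self.pins.get(key)
        if pinned is None:
            # First contact: trust on first use, as ssh does for an unknown host key.
            self.pins[key] = seen
            self._save()
            return "new"
        if hmac.compare_digest(pinned, seen):
            return "match"
        # Changed certificate: keep the old pin; replacing it is the user's decision.
        return "mismatch"

    def _save(self):
        # Write to a temp file and rename, so a crash cannot truncate the store.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump(self.pins, f, indent=1, sort_keys=True)
        os.replace(tmp, self.path)

def demo():
    # Constructed byte strings standing in for DER certificates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        store = KnownCerts(os.path.join(d, "known_certs.json"))
        results = [store.check("shop.example", 443, cert_a),
                   store.check("SHOP.example", 443, cert_a),
                   store.check("shop.example", 443, cert_b)]
        # A fresh process reloading the file still sees the original pin.
        results.append(KnownCerts(store.path).check("shop.example", 443, cert_a))
        return results
```

With a live connection the `der_cert` bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`; a "mismatch" result covers both a routine certificate renewal and an impostor site, which is the open question the post raises about how often sites change certs.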
