On Wed, Jul 02, 2003 at 11:05:08AM -0700, James A. Donald wrote:
> In practice, if people were able to ensure they saw the same
> cert every time they hit what is purportedly the same site,
> this would take out most scams.

What's wrong with the ssh known-hosts approach, for this? Do sites
change certs more often than sshd changes host keys? Given how much
crap browsers cache already, this wouldn't seem to add much. Of course
it wouldn't help when using a public client host, but anybody doing that
for confidential web access is wide open anyway.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
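An added example, not part of the original message: a sketch of the ssh known-hosts idea applied to site certificates, where the first certificate seen for a host is remembered and any later difference is reported instead of silently accepted. The `KnownCerts` class, its JSON store layout and its method names are assumptions made for illustration, not any browser's actual behaviour.

```python
import hashlib
import hmac
import json
import os


class KnownCerts:
    """known_hosts-style store mapping "host:port" to a certificate fingerprint."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as f:
                self.pins = json.load(f)

    @staticmethod
    def _key(host, port):
        # Normalise case and a trailing dot so one site has one entry.
        return f"{host.lower().rstrip('.')}:{port}"

    @staticmethod
    def fingerprint(der_cert):
        # In real use der_cert would come from
        # ssl.SSLSocket.getpeercert(binary_form=True).
        return hashlib.sha256(der_cert).hexdigest()

    def _save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as f:
            json.dump(self.pins, f, indent=1, sort_keys=True)
        os.replace(tmp, self.path)  # atomic swap, no half-written store

    def check(self, host, port, der_cert):
        """Return "new", "match" or "changed"; a changed cert never overwrites the pin."""
        key, fp = self._key(host, port), self.fingerprint(der_cert)
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = fp  # first sight: trust and remember
            self._save()
            return "new"
        return "match" if hmac.compare_digest(pinned, fp) else "changed"

    def replace(self, host, port, der_cert):
        """Explicit user decision to accept a new cert, like editing known_hosts."""
        self.pins[self._key(host, port)] = self.fingerprint(der_cert)
        self._save()
```

A "changed" result covers both a legitimate certificate renewal and an impostor site, so the caller has to surface it to the user, as ssh does with its host-key warning.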