At 01:51 PM 10/16/03 -0400, Bryce O'Whielacronx wrote: > I doubt it. It's true that VeriSign has certified this man-in-the-middle > attack, but no one cares.
Indeed, it would make sense for the original vendor website (eg Palm) to have signed the "MITM" site's cert (palmorder.modusmedia.com), not for Verisign to do so. Even better, for Mastercard to have signed both Palm and palmorder.modusmedia.com as well. And Mastercard to have printed its key's signature in my monthly paper bill. (This is aside your main point about it being Mastercard et al. doing the checking/backup for the customer, not certs.) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
