Michael Sierchio wrote: > > Carl Ellison wrote: > > > If that's not good enough for you, go to https://store.palm.com/ > > where you have an SSL secured page. SSL prevents a man in the middle > > attack, right? This means your credit card info goes to Palm > > Computing, right? Check the certificate. > > To be fair, most commercial CA's require evidence of "right to use" > a FQDN in an SSL server cert. But your point is apt.
And most (all?) commercial CAs then disclaim any responsibility for having actually checked that right correctly... Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]