On Tue, 25 Mar 2003, Anne & Lynn Wheeler wrote:
>the other scenario that has been raised before is that the browsers treat
>all certification authorities the same .... aka if the signature on the
>certificate can be verified with any of the public keys in a browser's
>public key table ... it is trusted. in effect, possibly 20-40 different
>manufacturers of chubb vault locks .... with a wide range of business
>process controls ... and all having the same possible backdoor.
>Furthermore, the consumer doesn't get to choose which chubb lock is being
>chosen.

Of course the consumer gets to make that choice. I can go into my
browser's keyring and delete root certs that have been sold, ever.
And I routinely do. A fair number of sites don't work for me anymore,
but I'm okay with that.

Bear