> Adam Back[SMTP:[EMAIL PROTECTED]]
>
> On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote:
> > So what if we create the Cypherpunks Root CA, which (either) signs
> > what you submit to it via a web page, or publish the secret key?
>
[...]
> > We then get the Cypherpunks Root CA key added to the browsers--it
> > can't be that hard, the US postal service managed it...
>
> I think you'd have to do it in reverse to stand a chance if you
> literally published the private key -- they're never going to add the
> public key for a known compromised private key. Also it costs lots of
> money, and takes some time to take effect.
>
> Adam
>
I can't speak for mail-only clients, but it's easy (for moderately
geekish or carefully instructed people) to add new trusted
roots to IE or Netscape.
Peter Trei
