Ben Bucksch wrote:
And under the PKI model, that's perfectly valid.


OK, then I claim that the PKI model is inherently flawed (probably intentionally) and not suitable to protect email between private persons where *nobody* else is supposed to listen. It is appropriate when only money matters and serious corporate espionage is not a factor.


Correct, this is what we have been debating.  This
is another side-effect of the "one size fits all"
bug in the PKI.


If I can pull the same attack against your recipients, I could play the man in the middle, unnoticed unless someone looks very closely at the cert (and *maybe* the received headers).


Yup.  This is why it is proposed that clients should
display the salient details of the cert that is used
on the chrome.  Also, the client should cache each
cert and show the number of times it is used.  So,
when a cert changes, someone with whom you have
corresponded many times will suddenly report a "0"
instead of a "100".

Without integrating the user into the security protocol,
the current applications fall to MITM attacks, no
matter how the underlying SSL protocol advertises
itself.  This is more or less what happens in phishing.

iang
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
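
The cert cache with per-cert use counts proposed in the message above, sketched as an added example (not code from the post or from any Mozilla client). The class and function names are hypothetical, certs are keyed by SHA-256 fingerprint as an assumption, and the certificate bytes are constructed stand-ins rather than real certs.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Observation:
    sender: str
    fingerprint: str   # SHA-256 of the certificate bytes, hex
    prior_uses: int    # times this exact cert was seen from this sender before
    other_certs: int   # different certs already cached for this sender

    @property
    def changed(self) -> bool:
        # Never-seen cert from a correspondent we already hold a cert for.
        return self.prior_uses == 0 and self.other_certs > 0

    def chrome_line(self) -> str:
        flag = "  ** CERT CHANGED **" if self.changed else ""
        return f"{self.sender}  cert {self.fingerprint[:16]}  seen {self.prior_uses}x{flag}"


class CertUseCache:
    """Per-correspondent cache of certificate fingerprints and use counts."""
    def __init__(self):
        self._seen = {}   # sender -> {fingerprint: count}

    def observe(self, sender: str, cert_der: bytes) -> Observation:
        sender = sender.strip().lower()
        fp = hashlib.sha256(cert_der).hexdigest()
        certs = self._seen.setdefault(sender, {})
        prior = certs.get(fp, 0)
        others = sum(1 for f in certs if f != fp)
        certs[fp] = prior + 1   # count this use for next time
        return Observation(sender, fp, prior, others)


def demo():
    # Constructed stand-ins for DER-encoded certificates (not real certs).
    alice_cert = b"constructed-cert-bytes-alice-original"
    other_cert = b"constructed-cert-bytes-substituted"
    cache = CertUseCache()
    for _ in range(100):
        cache.observe("alice@example.org", alice_cert)
    usual = cache.observe("Alice@example.org", alice_cert)
    swapped = cache.observe("alice@example.org", other_cert)
    return usual, swapped


if __name__ == "__main__":
    print(*(o.chrome_line() for o in demo()), sep="\n")
```

The flag separates a changed cert from a genuine first contact, where both counts are zero and nothing is cached to compare against.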
