> Perhaps wandering a bit off-topic, but in practice many CAs which are
> trusted by most browsers will issue certificates to whomever controls
> a domain at the time the cert is issued, and so there's very little
> difference between trusting DNS and trusting DNS+SSL for site
> authentication (though of course SSL has the advantage of encrypting
> the connection).
>
> In other words, the difference between the model Soner expected and
> reality is the purchase of a certificate for a few tens of dollars
> from one of the many CAs that do minimal checking before issuing
> certificates.

You are in a place where theory and practice converge. The security model assumes you don't trust a CA (in the technical sense) if you don't trust the CA (in the normal sense). It is built around the assumption that a client's list of trusted CAs will be intelligently managed to include only those whose certificate issuing policies are acceptable to the use to which the client software will be put.

The reality is that the human being using the software may not even have any idea that his software contains a list of trusted CAs. The odds that he knows any given CA's security policy is even lower.

In the case of a credit card number, the security, as actually implemented, is probably adequate. For online banking, IMO, it probably is not adequate. The success of phishing schemes largely proves this.

It is a somewhat unfortunate reality that we've gotten ourselves into. I wish I had some brilliant idea for a solution. EV certificates are at least a tiny bit of a solution. User education is, unfortunately, going to have to be part of any foreseeable solution.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]