'morning
On Thu, 19 Jan 2012, Paul Hoffman wrote:
Which attacks are we interested in?
a) Attackers can get a trusted PKIX certificate due to errors on the
part of some CAs that are trusted by web browsers.
I would like to add:
d) Attacker can get a trusted PKIX certificate due to a legislation / law
that enables them to order some CAs to hand out that PKIX certificate
In light of SOPA/PIPA, ACTA, and Iranian (etc) government.
b) Attackers can get a trusted PKIX certificate due to intentional
laxness on the part of some CAs that are trusted by web browsers.
c) Attackers can issue certificates that cause warnings in web browsers that
are often ignored and clicked through.
The solution to each of these is different.
Regards,
BecHa
(disclaimer: posts from my private email address express my personal
opinion, not endorsed by my employer nor any other group I associate
with)
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey