Does your Certifying Authority have a clue who you are? Do they care?

Valdis.Kletnieks at vt.edu
Fri Dec 5 17:27:26 UTC 2003


On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
> > So what does the PKI actually buy you that using a throwaway self-signed cert
> > doesn't provide?
> 
> No popup box on the browser asking to accept the certificate.

"Pay us $1,000 or we'll annoy your users with popups".

Sounds suspiciously like the extortion angle used recently against somebody who
was using Windows Messenger pop-up spam to advertise their "stop pop-up spam"
product.

I'm however missing the actual security angle (remember that the lack of a
warning doesn't mean you actually connected securely with who you thought you
did).
