Does your Certifying Authority have a clue who you are? Do they care?
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri Dec 5 17:27:26 UTC 2003
On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
> > So what does the PKI actually buy you that using a throwaway self-signed cert
> > doesn't provide?
>
> No popup box on the browser asking to accept the certificate.
"Pay us $1,000 or we'll annoy your users with popups".
Sounds suspiciously like the extortion angle used recently against somebody who
was using Windows Messenger pop-op spam to advertise their "stop pop-up spam"
product.
I'm however missing the actual security angle (remember that the lack of a
warning doesn't mean you actually connected securely with who you thought you
did).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20031205/611b1bf3/attachment.sig>
More information about the NANOG
mailing list