-----Original Message-----
From: ericm <[EMAIL PROTECTED]>
To: Kick Willemse <[EMAIL PROTECTED]>
Cc: codepunks <[EMAIL PROTECTED]>; crypto <[EMAIL PROTECTED]>
Date: Friday, 24 March, 2000 12:58 AM
Subject: Re: CA cert chaining + 128 bit
>Automatically importing a root ca cert into the trusted cert database
>would be a massive security hole... an attacker with a bogus web site
>could simply make his own equally bogus root cert, send it to
>the browser, then authenticate as "Amazon" or whatever.
Yeaaaaah.... you got that right!
You know... I was devising a draft for electronic signature for
Indonesia. I haven't figured out how they will make use of the new CA, since
they can't force anyone to download their root CA certificate to users'
browsers.
Ah... probably for non-browser certificates :-) .... which nobody uses.
-mukti
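
The point in the quoted message, as an added example that is not part of the original thread: a certificate chain is only as trustworthy as the roots in the verifier's store, so the store must be populated out of band, never from what the peer sends. It assumes the `openssl` command-line tool is installed; every name, file and CN below is a constructed placeholder.

```shell
#!/usr/bin/env bash
# Added example: throwaway PKI built in a temp directory (constructed data).

# Create a self-signed root named $2 in directory $1.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a leaf certificate for CN $3, signed by root $2, in directory $1.
issue_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -days 1 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/leaf.pem" 2>/dev/null
}

# Succeed only if leaf $2 chains to a root present in trust store file $1.
chain_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Verify the same leaf against a store filled out of band, then against the
# same store after a peer-supplied root has been appended to it.
demo() {
    d=$(mktemp -d) || return 1
    make_root "$d" trusted-root              # root the user installed
    make_root "$d" unknown-root              # root nobody vetted
    issue_leaf "$d" unknown-root shop.example.test

    cp "$d/trusted-root.pem" "$d/store.pem"  # out-of-band trust store
    chain_trusted "$d/store.pem" "$d/leaf.pem" \
        && before=accepted || before=rejected

    # What "automatic import" amounts to: the peer's root joins the store.
    cat "$d/unknown-root.pem" >> "$d/store.pem"
    chain_trusted "$d/store.pem" "$d/leaf.pem" \
        && after=accepted || after=rejected

    rm -rf "$d"
    echo "$before $after"
}

demo
```

The signature on the leaf is valid in both runs; the only thing that changes the verdict is which roots the store contains.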