hi,
On Fri, 31 Mar 2000, Mark H. Wood wrote:
> On Thu, 30 Mar 2000 [EMAIL PROTECTED] wrote:
> > You missed my point. Read on...
> >
> > > b) Certificates authenticate that the person is who they say they
> > > are.
hmmm... i have always thought the Certs from CA simply say yeah we know
about them.. sort of like a community string in snmp is all and well acts
as a "trusted 3rd party" that is if you believe that..;-))
> > > Trust goes to trusting that second statement, not the trustworthiness
> > > of the company behind the statement.
> > >
> >
> > People in general presume that when they see the little key that they are
> > dealing with a "bonified" business. Yes, I know that the certification
> > process does not do this. And since it doesn't do this it isn't worth
> > much.
all it does is allow for triangulation in a 'more trusting way;
> Now I am surprised. The key only means that you have a reasonably secure
> channel to an unknown endpoint. Do lots of people really believe that it
> means any more than that? That is frightening.
just saw that on a morning show where someone focused on the security of
128 bit DES and the diff of guessing that on SSL rather than on anything..
else but this is par for the course. as well have always thought that the
man in the middle attack would not need to come from the void rather from
the 'trusted 3rd party" but that is for another day ..
> --
> Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
> "Where's the kaboom? There was supposed to be an Earth-shattering kaboom!"
> -- Marvin Martian, 01/01/2000 00:00:00
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
_______________________________________________________________________
************** DREAMWVR.COM - TOTAL INTERNET SERVICES ****************
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
<http://www.dreamwvr.com/services/MAX_SEC.html>
DREAMWVR.COM - The Console of Many... 90 Topics Covered
<http://www.dreamwvr.com/dynamicduo.html> <mailto:[EMAIL PROTECTED]>
->> LINUX-MANDRAKE Solution Provider and North American Distributor <<-
PRODUCT OF THE YEAR!
<http://www.dreamwvr.com/mandrake/mandrake-main.html>
"===0 PGP Key Available
*************** "As Unique as the Company You Keep." *****************
"If anyone speaks from DREAMWVR.COM its certainly not me:-)"
________________________________________________________________________
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
