>
> If users accept certificates without some independent way of verifying
> the identity of the signer, then this obviates the entire point of
> certificates, which is to prevent active attack on the connection.
> The vast majority of the complexity of SSL is there to prevent
> active attack. By choosing to use unauthenticated certificates,
> you are opening the door to a broad class of attacks.
>
I agree completely. Imagine this: I have just connected to a server which I
BELIEVE to be a well-known e-commerce site. There may or may not be some
network hanky-panky going on (DNS spoofing, man-in-the-middle...). What
assurance do I have that I'm really connected to the right server? At least,
with the preloaded roots, I have some assurance that a responsible party has
verified the server's identity. It's not a perfect system, but it puts enough
blocks up to make breaking it a non-trivial exercise.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]