A bit off the thread... Ever wondered if one can break PKI given that the 1st request to a server is mostly GET / in https? Any ideas? ----- Original Message ----- From: "Shaun Lipscombe" <[EMAIL PROTECTED]> To: <openssl-users@openssl.org> Sent: Wednesday, January 19, 2005 4:57 AM Subject: Even CA's make mistakes..
> In continuing the thread on can you trust a CA.. you have to remember > that there's a human process involved and if someone can perform > identity fraud in the REAL world then they can also perform it in the > virtual world. PKI only tries to tie these two realms together. > > Please see.. > > http://www.cert.org/advisories/CA-2001-04.html > http://support.microsoft.com/kb/293818/EN-US/ > > The day someone managed to obtain a valid certificate claiming for the > identity "Microsoft Corp".... > > Shaun > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
