> They can simply replace it with a different CA certificate, so that you
> authenticate to a server that claims to be your server but actually is a
> different server that has the same certificate name as your server but
> was issued by the CA that replaced your CA on the token.

But doesn't storing the CA cert on the local hard drive expose you to the very same problem? And the hard drive is always accessible; there's no authentication to access it once you're running from it. (Or am I missing the point here?)

Albert