Re: Ten Risks of PKI

1999-12-14 Thread Jaap-Henk Hoepman
On 13 Dec 1999 18:40:02 - lcs Mixmaster Remailer <[EMAIL PROTECTED]> writes:
>
> > > While this is true, keep in mind that there is more to mounting
> > > a successful cryptographic attack than adding root keys and fake
> > > certificates. It is also necessary to intercept the messages which
>

Re: Ten Risks of PKI

1999-12-13 Thread lcs Mixmaster Remailer
Carl Ellison writes:
> The Bloomberg attack didn't require connection hijacking. All that attacker
> did was post a newsgroup message with a URL in it.

This is presumably a reference to the incident described in http://news.cnet.com/news/0-1005-200-341267.html, where a PairGain employee apparen

Re: Ten Risks of PKI

1999-12-13 Thread Carl Ellison
At 06:40 PM 12/13/99 -, lcs Mixmaster Remailer wrote:
>However this is just the first step in an effective compromise. Now you
>need to get him to use a bogus certificate when he thinks he is using
>a good one. He tries to connect to a secure si

Re: Ten Risks of PKI

1999-12-13 Thread lcs Mixmaster Remailer
> > While this is true, keep in mind that there is more to mounting
> > a successful cryptographic attack than adding root keys and fake
> > certificates. It is also necessary to intercept the messages which
> > might have gone to the legitimate recipient, and possibly decrypt and
> > re-encrypt

Re: Ten Risks of PKI

1999-12-13 Thread Jeffrey Altman
> Carl Ellison and Bruce Schneier write:
> > Certificate verification does not use a secret key, only public keys.
> >
> > Therefore, there are no secrets to protect. However, it does use one
> > or more "root" public keys. If the attacker can add his own public
> > key to that list, then he can

Re: Ten Risks of PKI

1999-12-13 Thread Ben Laurie
BPM Mixmaster Remailer wrote:
> By using this generic term "PKI" the authors leave a great deal of
> confusion about which systems they are criticizing. Some of their
> "risks", such as the one quoted above, would apply to all of these
> PKIs, including SPKI. Others are more specific to current

Re: Ten Risks of PKI

1999-12-13 Thread BPM Mixmaster Remailer
Carl Ellison and Bruce Schneier write:
> Certificate verification does not use a secret key, only public keys.
>
> Therefore, there are no secrets to protect. However, it does use one
> or more "root" public keys. If the attacker can add his own public
> key to that list, then he can issue his o