12 Jul
2002
12 Jul
'02
2:15 a.m.
"Lucky Green" <shamrock@cypherpunks.to> writes:
"Trusted roots" have long been bought and sold on the secondary market as any other commodity. For surprisingly low amounts, you too can own a trusted root that comes pre-installed in >95% of all web browsers deployed.
I'd heard stories of collapsed dot-coms' keys being auctioned off, that being the only thing of value the company had left. It makes the title of Matthias' paper even more appropriate. (However, I do think that anyone wanting to compromise your security will use this morning's MSIE hole to do it rather than buying a CA key. OTOH it'd be a great universal skeleton key for government agencies charged with protecting the world from equestrians). Peter.