In message <427CCA9B.29132.760A1FC@localhost>, "James A. Donald" writes:
-- PKI was designed to defeat man in the middle attacks based on network sniffing, or DNS hijacking, which turned out to be less of a threat than expected.
First, you mean "the Web PKI", not PKI in general. The next part of this is circular reasoning. We don't see network sniffing for credit card numbers *because* we have SSL. Since many of the worm-spread pieces of spyware incorporate sniffers, I'd say that part of the threat model is correct. As for DNS hijacking -- that's what's behind "pharming" attacks. In other words, it's a real threat, too.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb