CDR: Public Key Infrastructure: An Artifact...
Ben Laurie
ben at algroup.co.uk
Sun Nov 19 04:35:14 PST 2000
Lynn.Wheeler at firstdata.com wrote:
>
> the current SSL domain name infrastructure supposedly exists because of issues
> with trusting the domain name infrastructure ... except the SSL domain name
> certificate issuer has to trust the same (untrusted) domain name infrastructure
> when issuing a certificate (i.e. the SSL domain name certificate is no better
> than the authentication authority that the certificate authority has to rely on
> as the final arbitrator of domain name ownership).
>
> one of the integrity issues with the domain name infrastructure ... is that
> domain names have been hijacked ... once hijacked ... you can go to a certificate
> authority and get a certificate with that domain name (and the certificate
> authority will check with the domain name system and confirm that the requester
> owns the domain name).
The difference is that a CA _also_ binds the certificate to a legal
entity. When the fraud is discovered, the identity of the fraudster is,
too.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
More information about the cypherpunks-legacy
mailing list