IP: SSL Certificate "Monopoly" Bears Financial Fruit

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Jul 11 08:18:09 PDT 2002


"Lucky Green" <shamrock at cypherpunks.to> writes:

>"Trusted roots" have long been bought and sold on the secondary market as any
>other commodity. For surprisingly low amounts, you too can own a trusted root
>that comes pre-installed in >95% of all web browsers deployed.

I'd heard stories of collapsed dot-coms' keys being auctioned off, that being
the only thing of value the company had left.  It makes the title of Matthias'
paper even more appropriate.

(However, I do think that anyone wanting to compromise your security will use
 this morning's MSIE hole to do it rather than buying a CA key.  OTOH it'd be a
 great universal skeleton key for government agencies charged with protecting
 the world from equestrians).

Peter.





More information about the cypherpunks-legacy mailing list