IP: SSL Certificate "Monopoly" Bears Financial Fruit
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Jul 11 08:18:09 PDT 2002
"Lucky Green" <shamrock at cypherpunks.to> writes:
>"Trusted roots" have long been bought and sold on the secondary market as any
>other commodity. For surprisingly low amounts, you too can own a trusted root
>that comes pre-installed in >95% of all web browsers deployed.
I'd heard stories of collapsed dot-coms' keys being auctioned off, that being
the only thing of value the company had left. It makes the title of Matthias'
paper even more appropriate.
(However, I do think that anyone wanting to compromise your security will use
this morning's MSIE hole to do it rather than buying a CA key. OTOH it'd be a
great universal skeleton key for government agencies charged with protecting
the world from equestrians).
Peter.
More information about the cypherpunks-legacy
mailing list