IP: SSL Certificate "Monopoly" Bears Financial Fruit
Trei, Peter
ptrei at rsasecurity.com
Fri Jul 12 08:18:12 PDT 2002
> Lucky Green[SMTP:shamrock at cypherpunks.to]
>
>
> James wrote:
> > On 11 Jul 2002 at 1:22, Lucky Green wrote:
> > > "Trusted roots" have long been bought and sold on the
> > secondary market
> > > as any other commodity. For surprisingly low amounts, you
> > too can own
> > > a trusted root that comes pre-installed in >95% of all web browsers
> > > deployed.
> >
> > How much, typically?
>
> I'd rather not state the exact figures. A search of SEC filings may or
> may not turn up further details.
>
> > And who actually owns these numerous trusted roots?
>
> I am not sure I understand the question.
>
> --Lucky
>
I think I do. A 'second hand' root key seems to have some
trust issues - the thing you are buying is the private half
of a public key pair .... but that's just a piece of information.
How can you be sure that, as purchaser, you are the *only*
possessor of the key, and no one else has another copy (the
seller, for example)?
Peter Trei
More information about the cypherpunks-legacy
mailing list