An attack on paypal
Anne & Lynn Wheeler
lynn at garlic.com
Wed Jun 11 11:42:50 PDT 2003
At 10:56 AM 6/11/2003 -0400, Sunder wrote:
>In either case, we wouldn't need to worry about paying Verisign or anyone
>else if we had properly secured DNS. Then you could trust those pop-up
>self-signed SSL cert warnings.
actually, if you had a properly secured DNS .... then you could trust DNS
to distribute public keys bound to a domain name in the same way they
distribute ip-addresses bound to a domain name.
the certificates serve two purposes: 1) is the server that we think we are
talking to really the server we are talking to and 2) key-exchange for
establishing an encrypted channel. a properly secured DNS would allow
information distributed by DNS to be trusted .... including a server's
public key .... and given the public key .... it would be possible to do
the rest of the SSL operation (w/o requiring certificates) which is
establishing an agreed upon session secret key.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cypherpunks-legacy
mailing list