Public Key Infrastructure: An Artifact...
Tue Dec 10 11:45:29 PST 2019
Lynn.Wheeler at firstdata.com wrote:
> actually ... not really ... this was discussed early this summer as to what
> actually check ... and how trivial it is to fabricate necessary details to
> such checking
> random ref:
> in general it is sufficient to have registered any DBA name & have a d&b entry
> plus some misc. other stuff ... all relatively easy to establish. Since the
> name & d&b entry aren't cross-checked as part of the SSL certificate
> ... just the domain name in the certificate against the domain name used ...
> could be really surprised at what comes up for DBA names.
> I've had credit card statements that listed the DBA names which had absolutely
> no relationship to the name of the store I had been to ... which I eventually
> had to call both the credit card company/bank and the store to figure out what
> was going on.
This is not a comment on the crapness of PKI, it is a comment on the
crapness of Verisign. The two are far from synonymous.
Don't get me wrong - I don't think PKI is a perfect solution by any
means - however, it gets us nowhere to attribute the faults of others to
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff