Public Key Infrastructure: An Artifact...

Tue Dec 10 11:45:29 PST 2019

Lynn.Wheeler at wrote:
> the current SSL domain name infrastructure supposedly exists because of issues
> with trusting the domain name infrastructure ... except the SSL domain name
> certificate issuer has to trust the same (untrusted) domain name
> when issuing a certificate (i.e. the SSL domain name certificate is no better
> than the authentication authority that the certificate authority has to rely
> as the final arbitrator of domain name ownership).
> one of the integrity issues with the domain name infrastructure ... is that
> domain names have been hijacked ... once hijacked ... you can go to
> authority and get a certificate with that domain name (and the certificate
> authority will check with the domain name system and confirm that the
> owns the domain name).

The difference is that a CA _also_ binds the certificate to a legal
entity. When the fraud is discovered, the identity of the fraudster is,




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

More information about the cypherpunks-legacy mailing list