North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Does your Certifying Authority have a clue who you are? Do they care?
On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said: > > So what does the PKI actually buy you that using a throwaway self-signed cert > > doesn't provide? > > No popup box on the browser asking to accept the certificate. "Pay us $1,000 or we'll annoy your users with popups". Sounds suspiciously like the extortion angle used recently against somebody who was using Windows Messenger pop-op spam to advertise their "stop pop-up spam" product. I'm however missing the actual security angle (remember that the lack of a warning doesn't mean you actually connected securely with who you thought you did).