North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Does your Certifying Authority have a clue who you are? Do they care?

  • From: Valdis.Kletnieks
  • Date: Fri Dec 05 12:29:54 2003

On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
> > So what does the PKI actually buy you that using a throwaway self-signed cert
> > doesn't provide?
> No popup box on the browser asking to accept the certificate.

"Pay us $1,000 or we'll annoy your users with popups".

Sounds suspiciously like the extortion angle used recently against somebody who
was using Windows Messenger pop-op spam to advertise their "stop pop-up spam"

I'm however missing the actual security angle (remember that the lack of a
warning doesn't mean you actually connected securely with who you thought you

Attachment: pgp00016.pgp
Description: PGP signature