Holy shit I caught 1
phobos at rootme.org
Wed Aug 30 14:47:00 UTC 2006
On Wed, Aug 30, 2006 at 03:14:47PM +0200, fis at wiwi.hu-berlin.de wrote 3.5K bytes in 93 lines about:
: and there is another issue that hasn't been brought up: even if the
: certificate is valid and non-bogus, there may be an attack.

One can purchase a completely valid cert for $25 and a phone
number you provide as authentication. Every browser will accept
it without question.

CAs don't do anywhere near the level of validation and
authentication of the cert owner as users think they do.

Self-signed certs can be more secure if you personally know the
signer and can verify the various fingerprints out of band.
Good luck trying to do this with any large company's cert.

--
Andrew
More information about the tor-talk mailing list
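
The out-of-band fingerprint check mentioned in the message above, as an added example that is not part of the original post. The function names are hypothetical, and the "certificates" are constructed byte strings standing in for real DER data, which is enough because a fingerprint is just a hash over the DER encoding.

```python
import hashlib
import hmac
import ssl

# Expected length in hex characters for each fingerprint type accepted here.
HEX_LEN = {"sha1": 40, "sha256": 64}
HEX_CHARS = set("0123456789abcdef")


def normalize(fp):
    """Drop the separators people add when reading or typing a fingerprint."""
    return "".join(c for c in fp.lower() if c not in ": -\t")


def fingerprints(pem_cert):
    """Return {algorithm: hex digest} over the DER encoding of a PEM cert."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return {alg: hashlib.new(alg, der).hexdigest() for alg in HEX_LEN}


def verify_out_of_band(pem_cert, trusted):
    """True only if every out-of-band fingerprint matches the presented cert.

    `trusted` maps algorithm name -> fingerprint as received from the signer
    (phone, in person, signed mail). Unknown algorithms, truncated or non-hex
    values, and an empty mapping all fail closed.
    """
    if not trusted:
        return False
    actual = fingerprints(pem_cert)
    ok = True
    for alg, value in trusted.items():
        want = normalize(value)
        if alg not in HEX_LEN or len(want) != HEX_LEN[alg]:
            return False
        if not set(want) <= HEX_CHARS:
            return False
        # Constant-time compare: do not leak how many leading digits matched.
        ok &= hmac.compare_digest(want, actual[alg])
    return ok


# Constructed stand-ins, not real certificates.
SIGNER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed: cert the signer generated")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed: different cert, same name")
```

A certificate that chains to a CA but does not match the fingerprint you were given still fails this check, which is the property the message is pointing at.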