[cap-talk] Firefox breaks .. identifiability - what
do CAs contribute?
Ian G
iang at systemics.com
Wed Feb 9 07:36:09 EST 2005
Ian G wrote:
> Now, all of these are in conflict, but it didn't matter
> until the system came under attack. Luckily or unluckily,
> the system was attacked by a complete bypass and SSL
> was not invoked. The browser security system has never
> ever been tested by aggressive attackers in a commercial
> fraud setting (I exclude the crypto community from that
> by definition). (Including the Shmoo thing, IMO.)
Apologies, that should say "The browser CRYPTO system has
never ever been tested by aggressive attackers in a commercial
fraud setting...." Clearly, the security system is attacked every
day.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
More information about the cap-talk
mailing list