1995-10-21 - Re: Verisign and MITM

Header Data

From: sameer <sameer@c2.org>
To: tcmay@got.net (Timothy C. May)
Message Hash: f526c0eb8b9aa7d472df5c8c830c7058cc774c1bca8f17f6878ca3dfe7ea303f
Message ID: <199510211753.KAA17410@infinity.c2.org>
Reply To: <acae797450021004ecea@[205.199.118.202]>
UTC Datetime: 1995-10-21 20:55:05 UTC
Raw Date: Sat, 21 Oct 95 13:55:05 PDT

Raw message

From: sameer <sameer@c2.org>
Date: Sat, 21 Oct 95 13:55:05 PDT
To: tcmay@got.net (Timothy C. May)
Subject: Re: Verisign and MITM
In-Reply-To: <acae797450021004ecea@[205.199.118.202]>
Message-ID: <199510211753.KAA17410@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> An interesting "direct demonstration" of this would be to get a certificate
> generated for a well-known company, institution, or political candidate.
> This would demonstrate the flaws in the e-mail/fax/snailmail process like
> nothing else.

	That wasn't quite the point. If I submitted a key and
paperwork for the key claiming to be Jim Bidzos, and they gave me a
cert for that, that wasn't my point. My point was simply the technical
linking of the paperwork and the key. I figured that a relatively easy
way to fix that would be to require an MD5 of the key included with
the faxed paperwork. It has been mentioned to me though that an MITM
would be noticed once Verisign sent me back a signed cert and it
didn't work with my key.

> 
> (Tangential note: Of course, my fear is always that exposing such flaws
> shows that "we need a national identity system." After all, what Sameer is
> describing is implicit in the fact that neither e-mail, nor a fax, nor
> snail mail, is proof that an entity exists, or that the paperwork
> represents the entity. That's a tough nut to crack, absent an "is-a-person"
> or "is-an-institution" credentialling system.)
> 
> --Tim May
> 
> Views here are not the views of my Internet Service Provider or Government.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> Corralitos, CA              | knowledge, reputations, information markets,
> Higher Power: 2^756839      | black markets, collapse of governments.
> "National borders are just speed bumps on the information superhighway."
> 
> 


-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			sameer@c2.org
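
The two checks discussed in the message above, as an added example that is not part of the original message or of any Verisign procedure: a CA-side comparison of the key digest written on the faxed paperwork against the key actually received, and the requester-side comparison of the certified key against the requester's own key. The key bytes and all function names are constructed for illustration; MD5 is used because the message names it, and the `algorithm` parameter also accepts `sha256`.

```python
import hashlib
import hmac
import re

# Constructed sample values: stand-ins for encoded public keys, not real keys.
REQUESTER_KEY = b"constructed-requester-public-key"
SUBSTITUTED_KEY = b"constructed-substituted-public-key"


def key_fingerprint(public_key: bytes, algorithm: str = "md5") -> str:
    """Hex digest of the encoded public key (MD5 as the message proposes)."""
    return hashlib.new(algorithm, public_key).hexdigest()


def format_for_fax(fingerprint: str) -> str:
    """Upper-case groups of four, as a person might write it on a form."""
    fp = fingerprint.upper()
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


def normalize(transcribed: str) -> str:
    """Drop whitespace, colons and hyphens and fold case."""
    return re.sub(r"[\s:\-]", "", transcribed).lower()


def paperwork_matches_key(paper_fp: str, submitted_key: bytes,
                          algorithm: str = "md5") -> bool:
    """CA-side check: does the digest on the fax match the key received?"""
    expected = key_fingerprint(submitted_key, algorithm).encode()
    return hmac.compare_digest(normalize(paper_fp).encode(), expected)


def cert_matches_my_key(certified_key: bytes, my_key: bytes,
                        algorithm: str = "md5") -> bool:
    """Requester-side check: was the certificate issued over my key?"""
    return hmac.compare_digest(key_fingerprint(certified_key, algorithm).encode(),
                               key_fingerprint(my_key, algorithm).encode())


if __name__ == "__main__":
    fax = format_for_fax(key_fingerprint(REQUESTER_KEY))
    print("fax fingerprint:", fax)
    print("genuine key accepted:", paperwork_matches_key(fax, REQUESTER_KEY))
    print("substituted key accepted:", paperwork_matches_key(fax, SUBSTITUTED_KEY))
    print("returned cert is mine:", cert_matches_my_key(SUBSTITUTED_KEY, REQUESTER_KEY))
```

The first check only binds the paperwork to a key; it says nothing about whether the paperwork itself represents the named entity, which is the separate problem raised in the quoted text.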






Thread