1995-10-21 - Re: Verisign and MITM

Header Data

From: tcmay@got.net (Timothy C. May)
To: sameer <cypherpunks@toad.com>
Message Hash: f4515866ed97ac315d656ba34ad6ab4cfbeb69e275b9874d72ff0c4b8320d6b4
Message ID: <acae797450021004ecea@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1995-10-21 20:54:12 UTC
Raw Date: Sat, 21 Oct 95 13:54:12 PDT

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Sat, 21 Oct 95 13:54:12 PDT
To: sameer <cypherpunks@toad.com>
Subject: Re: Verisign and MITM
Message-ID: <acae797450021004ecea@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



[ssl-users@mincom.oz.au deleted from the distribution, as I am not on that list]

At 3:40 PM 10/20/95, sameer wrote:
>        I recently submitted a certificate request to Verisign for my
>SSL web server. Looking over the process, I don't see how it avoids
>MITM in any way.
....
>        I don't see any mechanism in place to avoid an MITM subverting
>step (A), and putting in his cert request in there. There isn't a
>strong cryptographic unforgeable relationship between my
>usmail/fax/proof request and the emailed kx509 cert request.

An interesting "direct demonstration" of this would be to get a certificate
generated for a well-known company, institution, or political candidate.
This would demonstrate the flaws in the e-mail/fax/snailmail process like
nothing else.

(Tangential note: Of course, my fear is always that exposing such flaws
shows that "we need a national identity system." After all, what Sameer is
describing is implicit in the fact that neither e-mail, nor a fax, nor
snail mail, is proof that an entity exists, or that the paperwork
represents the entity. That's a tough nut to crack, absent an "is-a-person"
or "is-an-institution" credentialling system.)

--Tim May

Views here are not the views of my Internet Service Provider or Government.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
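The weakness Sameer describes, and the check that closes it, as an added example in Python (my own constructed model, not Verisign's 1995 procedure or any real CA code). The request, keys, subject name and the fingerprint-on-paperwork scheme are all assumptions made for illustration: the point is that matching the paperwork to the e-mailed request by name alone lets a request substituted in step (A) through, while writing a fingerprint of the exact request onto the out-of-band proof gives the CA something unforgeable to compare against.

```python
"""Toy model of binding an out-of-band identity proof to a certificate request.

Constructed example for illustration; not Verisign's process and not real CA code.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CertRequest:
    """Stand-in for the e-mailed cert request: a subject name and a public key."""
    subject: str
    public_key: bytes


@dataclass(frozen=True)
class OutOfBandProof:
    """Stand-in for the mailed/faxed paperwork. In the unbound process it names
    the entity only; in the bound process it also carries the request fingerprint."""
    subject: str
    request_fingerprint: Optional[str] = None


def request_fingerprint(req: CertRequest) -> str:
    """SHA-256 over subject and public key: the value the requester writes on the paperwork."""
    h = hashlib.sha256()
    h.update(req.subject.encode("utf-8"))
    h.update(b"\x00")  # separator so subject/key boundaries are unambiguous
    h.update(req.public_key)
    return h.hexdigest()


def issue_unbound(proof: OutOfBandProof, req: CertRequest) -> Optional[bytes]:
    """Weak policy: paperwork and e-mailed request are matched by subject name only.
    Returns the key that would be certified, or None if refused."""
    if proof.subject != req.subject:
        return None
    return req.public_key  # certifies whatever key arrived by e-mail


def issue_bound(proof: OutOfBandProof, req: CertRequest) -> Optional[bytes]:
    """Hardened policy: the paperwork must carry the fingerprint of the exact request."""
    if proof.subject != req.subject or proof.request_fingerprint is None:
        return None
    if not hmac.compare_digest(proof.request_fingerprint, request_fingerprint(req)):
        return None
    return req.public_key


def run_scenario() -> dict:
    """Runs both policies against a genuine request and a substituted one."""
    # Constructed placeholder keys; a real request carries an encoded public key.
    legit_key = b"LEGITIMATE-PUBLIC-KEY"
    interposed_key = b"INTERPOSED-PUBLIC-KEY"
    subject = "CN=www.example.test"  # placeholder subject name

    genuine = CertRequest(subject, legit_key)
    # What reaches the CA if step (A) was subverted: same subject, different key.
    substituted = CertRequest(subject, interposed_key)

    paperwork_unbound = OutOfBandProof(subject)
    paperwork_bound = OutOfBandProof(subject, request_fingerprint(genuine))

    return {
        "unbound_substituted": issue_unbound(paperwork_unbound, substituted),
        "bound_substituted": issue_bound(paperwork_bound, substituted),
        "bound_genuine": issue_bound(paperwork_bound, genuine),
    }


if __name__ == "__main__":
    for name, key in run_scenario().items():
        print(f"{name}: {'issued for ' + key.decode() if key else 'rejected'}")
```

The fingerprint on the paperwork only helps if the paperwork itself is verified out of band; it binds the request to the proof, but, as the tangential note above says, it still does not prove that the person signing the paperwork is the entity named.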