Foiling MITM attacks on source and ports trees
Chad Perrin
perrin at apotheon.com
Fri Jan 9 20:40:54 UTC 2009
On Tue, Jan 06, 2009 at 09:08:56PM -0800, Walt Pawley wrote:
> At 12:31 PM -0700 1/6/09, Chad Perrin wrote:
>
> >On the other hand, I don't trust Verisign, either.
>
> What's to trust? If you pay them, you "in."
Exactly. That's why I -- as the guy sitting in front of the *browser* --
don't trust Verisign to do my authentication and authorization thinking
for me. There's at minimum a potential for conflict of interest there,
in addition to the likelihood (now realized, in the form of leveraging
MD5 to crack Verisign cert authenticity) of bureaucratic incompetence
producing disaster entirely by accident.
--
Chad Perrin [ content licensed OWL: http://owl.apotheon.org ]
Quoth James Madison: "If Tyranny and Oppression come to this land, it
will be in the guise of fighting a foreign enemy."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20090109/fb86b0d5/attachment.pgp
More information about the freebsd-questions
mailing list