[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] cert bundle sources

From: Thorsten Glaser
Subject: Re: [Lynx-dev] cert bundle sources
Date: Sat, 21 Mar 2009 23:25:47 +0000 (UTC)

David Woolley dixit:

> My references to low and high trust was to the fact that you get certificates
> which are only authenticated by emailing the purported owner, mixed in with
> ones that require certified copies of incorporation documents to be provided
> first.

SSL certificates merely assure you an encrypted, secure channel
with the party you're talking to. It is identified by the URI.
I wouldn't dare wanting to try to get more out of it.

If https://www.$ were occupied by someone else than
the hypothetical bank in this example, but someone held a perfect-
ly valid SSL certificate for it, I wouldn't complain, except over
the stupidity of registrars and users who do not look at the do-
cuments the bank itself provides, citing its URIs.

The connection is secure, and your communication partner is
authenticated and identified as "www.$" but not
as "the bank with said name". This is a social problem, not
a technical problem, and, as such, requires different means
to solve it.

“It is inappropriate to require that a time represented as
 seconds since the Epoch precisely represent the number of
 seconds between the referenced time and the Epoch.”
        -- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2

reply via email to

[Prev in Thread] Current Thread [Next in Thread]