[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] cert bundle sources
|
From: |
Thorsten Glaser |
|
Subject: |
Re: [Lynx-dev] cert bundle sources |
|
Date: |
Sat, 21 Mar 2009 23:25:47 +0000 (UTC) |
David Woolley dixit:
> My references to low and high trust was to the fact that you get certificates
> which are only authenticated by emailing the purported owner, mixed in with
> ones that require certified copies of incorporation documents to be provided
> first.
SSL certificates merely assure you an encrypted, secure channel
with the party you're talking to. It is identified by the URI.
I wouldn't dare wanting to try to get more out of it.
If https://www.$bankname.net/ were occupied by someone else than
the hypothetical bank in this example, but someone held a perfect-
ly valid SSL certificate for it, I wouldn't complain, except over
the stupidity of registrars and users who do not look at the do-
cuments the bank itself provides, citing its URIs.
The connection is secure, and your communication partner is
authenticated and identified as "www.$bankname.net" but not
as "the bank with said name". This is a social problem, not
a technical problem, and, as such, requires different means
to solve it.
goodnight,
//mirabilos
--
“It is inappropriate to require that a time represented as
seconds since the Epoch precisely represent the number of
seconds between the referenced time and the Epoch.”
-- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2