Re: PGP, Inc.
Tim Dierks wrote:
>
> The only effort they make is that when using the email-based CA, it mails
> the certificate to the address within, so it's not trivial to get a cert
> for an address that you don't have access to. (I'm not saying it's
> impossible, or even hard, just that it requires some skill and effort).

For example, see http://www.digicrime.com/id.html . I believe they got
these certificates using the Web, rather than e-mail.

I think with e-mail, you'd actually have to be running a packet sniffer
or doing an active attack such as DNS spoofing. However, the Web is
much, much more convenient.

In any case, the page I referenced above is worthwhile reading.

Raph