Fedora home server using core 9
Patrick O'Callaghan
pocallaghan at gmail.com
Tue Sep 2 15:03:05 UTC 2008
On Tue, 2008-09-02 at 23:06 +0930, Tim wrote:
> The average HTTPS website that "just works" for you has paid a lot of
> money to someone like Verisign to assert that they're who they claim
> to be
The irony is that if you read Versign's documentation, they don't
actually claim to guarantee this. They just go through some standardized
checking process involving external authorities such as notaries or
business registries. A sufficiently interested adversary can quite
easily register a company and get a certificate. If you don't recognize
the company using external information (e.g. it's called IBM or The New
York Times) you have no objective reason to trust it.
poc
More information about the fedora-list
mailing list