Re: fingerprint of the archive signing key

To: debian developers <debian-devel@lists.debian.org>
Subject: Re: fingerprint of the archive signing key
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Wed, 30 Jun 2004 04:02:37 +0200
Message-id: <[🔎] 20040630020237.GA4755@lina.inka.de>
In-reply-to: <[🔎] 1088558654.3087.94.camel@zen8100a.freedbms.net>
References: <[🔎] 20040629013230.GB14609@cirrus.madduck.net> <[🔎] 20040629115722.GA24190@suffields.me.uk> <[🔎] 87pt7izfnc.fsf@alhambra.bioz.unibas.ch> <[🔎] 20040629172848.GA19987@suffields.me.uk> <[🔎] 20040629173407.GD22096@riva.ucam.org> <[🔎] 20040629214219.GA2631@suffields.me.uk> <[🔎] 20040629233537.GA25370@riva.ucam.org> <[🔎] 1088554798.3081.30.camel@zen8100a.freedbms.net> <[🔎] 20040630002952.GA2528@lina.inka.de> <[🔎] 1088558654.3087.94.camel@zen8100a.freedbms.net>

On Wed, Jun 30, 2004 at 11:24:14AM +1000, Zenaan Harkness wrote:
> On Wed, 2004-06-30 at 10:29, Bernd Eckenfels wrote:
> > The RA is normally the point where you attack the PKI most
> > easyly (remeber the MS/Verisign joke).
> 
> Not actually. Got a pointer, URL, or google search phrase?

See for example MS01-017. Verisign issued a code signing certificate with
Microsoft as the subject of the certifiacte to someone else, because they
simple did no real checks.

Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Mörscher_Strasse_8.76185Karlsruhe.de --
 ( .. )      ecki@{inka.de,linux.de,debian.org}  http://www.eckes.org/
  o--o     1024D/E383CD7E  eckes@IRCNet  v:+497211603874  f:+497211606754
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

References:
- Re: fingerprint of the archive signing key
  - From: martin f krafft <madduck@debian.org>
- Re: fingerprint of the archive signing key
  - From: Andrew Suffield <asuffield@debian.org>
- Re: fingerprint of the archive signing key
  - From: Frank Küster <frank@debian.org>
- Re: fingerprint of the archive signing key
  - From: Andrew Suffield <asuffield@debian.org>
- Re: fingerprint of the archive signing key
  - From: Colin Watson <cjwatson@debian.org>
- Re: fingerprint of the archive signing key
  - From: Andrew Suffield <asuffield@debian.org>
- Re: fingerprint of the archive signing key
  - From: Colin Watson <cjwatson@debian.org>
- Re: fingerprint of the archive signing key
  - From: Zenaan Harkness <zen@freedbms.net>
- Re: fingerprint of the archive signing key
  - From: Bernd Eckenfels <lists@lina.inka.de>
- Re: fingerprint of the archive signing key
  - From: Zenaan Harkness <zen@freedbms.net>

Prev by Date: GNU/kFreeBSD LiveCD
Next by Date: Bug#256949: ITP: php4-auth-pam -- A PHP extension for PAM authentication
Previous by thread: Re: fingerprint of the archive signing key
Next by thread: Re: fingerprint of the archive signing key
Index(es):
- Date
- Thread