Re: fingerprint of the archive signing key
On Wed, Jun 30, 2004 at 11:24:14AM +1000, Zenaan Harkness wrote:
> On Wed, 2004-06-30 at 10:29, Bernd Eckenfels wrote:
> > The RA is normally the point where you attack the PKI most
> > easyly (remeber the MS/Verisign joke).
>
> Not actually. Got a pointer, URL, or google search phrase?
See for example MS01-017. Verisign issued a code signing certificate with
Microsoft as the subject of the certifiacte to someone else, because they
simple did no real checks.
Bernd
--
(OO) -- Bernd_Eckenfels@Mörscher_Strasse_8.76185Karlsruhe.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://www.eckes.org/
o--o 1024D/E383CD7E eckes@IRCNet v:+497211603874 f:+497211606754
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Reply to: