[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fingerprint of the archive signing key

On Wed, Jun 30, 2004 at 11:24:14AM +1000, Zenaan Harkness wrote:
> On Wed, 2004-06-30 at 10:29, Bernd Eckenfels wrote:
> > The RA is normally the point where you attack the PKI most
> > easyly (remeber the MS/Verisign joke).
> Not actually. Got a pointer, URL, or google search phrase?

See for example MS01-017. Verisign issued a code signing certificate with
Microsoft as the subject of the certifiacte to someone else, because they
simple did no real checks.

  (OO)      -- Bernd_Eckenfels@Mörscher_Strasse_8.76185Karlsruhe.de --
 ( .. )      ecki@{inka.de,linux.de,debian.org}  http://www.eckes.org/
  o--o     1024D/E383CD7E  eckes@IRCNet  v:+497211603874  f:+497211606754
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to: