Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI

From: Dener Martins <dener () SERPRO GOV BR>
Date: Tue, 22 Aug 2000 16:14:44 -0300
Hi,

There are other types of a certificate that have to be considered. For
instance, the Brazilian Federal Government will issue a certificate that
will force the subscriber (or tax contributor) to present himself to a
notary, in order to be elegible to get such a e-certificate. This is one
way to make harder to impersonate someone through an web certificate.

Since it is doing the pilot, so far there isn't any major flaw in the
scheme. It
will require social security number, personal picture ID, etc, before
the person can actually retrieve the certificate from a Web server. This
certificate will be used to do the Tax Return via Internet.

Bye,
D.
--
---------------------
Dener Martins
<dener.martins () serpro gov br>
F: (61) 411-8262

Attachment: dener.vcf
Description: Card for Dener Martins

Previous By Date Next
Previous By Thread Next

Current thread: