Vulnerability Development mailing list archives

Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI


From: "Timothy J. Miller" <cerebus () SACKHEADS ORG>
Date: Wed, 23 Aug 2000 07:22:08 -0500

Dener Martins <dener () SERPRO GOV BR> writes:

There are other types of a certificate that have to be considered. For
instance, the Brazilian Federal Government will issue a certificate that
will force the subscriber (or tax contributor) to present himself to a
notary, in order to be eligible to get such an e-certificate. This is one
way to make it harder to impersonate someone through a web certificate.

I think it needs to be made clear that what the initial paper was
discussing was commercial certification authorities.  Government-run
CAs have alternate stronger personal authentication methods available
to them that businesses (by US law at least) are prohibited from
accessing.

However, some proposed legislation would make such commercial
certificates binding just as well as a government-issued certificate--
and therein lies the real risk.
