[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)
James A. Donald
jamesd at echeque.com
Tue Jan 8 06:42:24 EST 2013
On 2013-01-08 7:26 PM, Ben Laurie wrote:
> Modulo CAs not working correctly, this is what SSL does. So long as
> you define "the right server" as being "the one with the domain name
> you navigated to".
Domain names are lengthy and not all that human memorable. I logon to
citicard, the correct domain name is accountsonline.com. Am I likely to
notice if the domain name is accountsonlin.jim.com?
Indeed, in that the correct domain name is not citicard, am I likely to
notice if the domain name Istealyourmoney.ru
More information about the cryptography