[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

James A. Donald jamesd at echeque.com
Tue Jan 8 06:42:24 EST 2013


On 2013-01-08 7:26 PM, Ben Laurie wrote:
> Modulo CAs not working correctly, this is what SSL does. So long as
> you define "the right server" as being "the one with the domain name
> you navigated to".

Domain names are lengthy and not all that human memorable.    I logon to 
citicard, the correct domain name is accountsonline.com. Am I likely to 
notice if the domain name is accountsonlin.jim.com?

Indeed, in that the correct domain name is not citicard, am I likely to 
notice if the domain name Istealyourmoney.ru




More information about the cryptography mailing list