Eliot Lear wrote: > [I should know better, but...] That's your problem. >> Given that CAs of PKI can be compromised as easily as ISPs >> of the Internet, PKI is merely weakly secure as weakly as >> the plain Internet. > This can be said of any technology that is poorly managed. So, you merely believe that the infrastructure of PKI is well managed. That's exactly why PKI is NOT strongly secure. You can believe that the infrastructure of the Internet is well managed, eaqually easilly. > On the other > hand, can you cite examples of a well known certificate (say one that I > might have found in Mozilla, Netscape, Firefox, etc) that has actually > been compromised? Can you cite examples of a tier1 ISP that has actually been compromised for active attack against DH? > I know of precisely one example. That's a lot more than enough. Masataka Ohta _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf