PKI - Breaking the Yellow Lock

PKI - Breaking the Yellow Lock
Richard Forno, 2002-02-13

PKI provides Web users with a false sense of security that undermines the security of their on-line information.

Expand all | Post comment

PKI - Breaking the Yellow Lock 2002-02-13
Anonymous (1 replies)

PKI - Breaking the Yellow Lock 2002-02-22
Anonymous

PKI - Breaking the Yellow Lock 2002-02-14
Sjonnie (1 replies)

PKI - Breaking the Yellow Lock 2002-02-15
Anonymous (1 replies)

Man-in-the-Middle 2002-02-17
Anonymous

This is news... how? 2002-02-15
TheReject (2 replies)

Your assertion that the weakness is in the implementation, and not the certificates themselves. This is indeed correct, I think you should shift the blame away from the PKI vendors and toward the corporate clients.

Blaming Verisign for a corporation's unencrypted database is absurd at best. The role of the certificate is to encrypt data between the client and the host server, and after that point, the PKI vender is no longer culpable.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/60/10528#10528

This is news... how? 2002-02-15
Rick Forno (1 replies)

This is news... how? 2002-02-27
Anonymous

This is news... how? 2002-02-19
Chroma Key (1 replies)

This is news... how? 2002-02-20
Anonymous (1 replies)

This is news... how? 2002-02-22
J. Rogers

PKI - Breaking the Yellow Lock 2002-02-17
Anonymous

PKI - Breaking the Yellow Lock 2002-02-17
Exothermic Reaction (2 replies)

PKI - Breaking the Yellow Lock 2002-02-20
Oh, Please (1 replies)

PKI - What has it to do with yellow locks anyway? 2002-03-09
Mark

PKI - Breaking the Yellow Lock 2002-02-20
Anonymous

PKI - Breaking the Yellow Lock 2002-02-18
Anonymous

PKI - Breaking the Yellow Lock 2002-02-19
A concerned person