PKI - Breaking the Yellow Lock

Threat level definition

PKI - Breaking the Yellow Lock
Richard Forno, 2002-02-13

PKI provides Web users with a false sense of security that undermines the security of their on-line information.

Expand all | Post comment

PKI - Breaking the Yellow Lock 2002-02-13
Anonymous (1 replies)

PKI - Breaking the Yellow Lock 2002-02-22
Anonymous

PKI - Breaking the Yellow Lock 2002-02-14
Sjonnie (1 replies)

PKI - Breaking the Yellow Lock 2002-02-15
Anonymous (1 replies)

Man-in-the-Middle 2002-02-17
Anonymous

This is news... how? 2002-02-15
TheReject (2 replies)

This is news... how? 2002-02-15
Rick Forno (1 replies)

This is news... how? 2002-02-27
Anonymous

This is news... how? 2002-02-19
Chroma Key (1 replies)

This is news... how? 2002-02-20
Anonymous (1 replies)

This is news... how? 2002-02-22
J. Rogers

PKI - Breaking the Yellow Lock 2002-02-17
Anonymous

PKI - Breaking the Yellow Lock 2002-02-17
Exothermic Reaction (2 replies)

PKI - Breaking the Yellow Lock 2002-02-20
Oh, Please (1 replies)

PKI - What has it to do with yellow locks anyway? 2002-03-09
Mark

PKI - Breaking the Yellow Lock 2002-02-20
Anonymous

PKI - Breaking the Yellow Lock 2002-02-18
Anonymous

PKI - Breaking the Yellow Lock 2002-02-18
Anonymous

PKI - Breaking the Yellow Lock 2002-02-19
A concerned person

PKI - Breaking the Yellow Lock 2002-02-19
A concerned person (1 replies)

PKI - Breaking the Yellow Lock 2002-02-20
WillieWang

PKI - Breaking the Yellow Lock 2002-02-20
emts@telstra.com (1 replies)

PKI - Breaking the Yellow Lock 2002-02-23
Anonymous

PKI - Breaking the Yellow Lock 2002-02-21
Anonymous (1 replies)

PKI - Breaking the Yellow Lock 2002-02-22
Anonymous

To the Author 2002-02-27
Anonymous (1 replies)

To the Author 2002-03-02
Anonymous (1 replies)

To the Author 2002-03-04
Anonymous

Problem with Applications Not with Certification Authorities 2002-03-05
Lalit Bhangale

I am bit confused here, what shall be the scenarios in which the mentioned myths could be explored..
Everyone now a days is very clear that PKI shall be always between two parties, the moment one introduces the third one it has to fail... The reason is wellknown.
Now for this simplicity various application platforms are using SSL 2.0 implementation and if at all SSL 3.0 has to deployed, then it becomes well obvious responsibility of the application provider to verify the transacted certifgicates from peers.
For me, certificate venders are only responsible for providing the certificates, how to use and manage all really is part of Application, thats why PKI is not popular and feasible solution today...
But the need shall be driving the market and approach for the proper security.
please comment ...

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/60/10780#10780

PKI - Breaking the Yellow Lock 2002-03-06
Milind Gokhale

Privacy Statement
Copyright 2009, SecurityFocus