[OpenID] The HTTPS in the OpenID (Re: Bug in OpenID RP implementations)
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Mon Jan 5 13:05:28 UTC 2009
On 01/05/2009 11:09 AM, Peter Williams:
>
> > -----Original Message-----
>
> > From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
>
> > Behalf Of Eric Norman
>
> > Sent: Sunday, January 04, 2009 11:43 PM
>
> > As Eddy (and lots of others) said, there are almost certainly
>
> > no certificates in the field that have been forged with this
>
> > attack.
>
> */ /*
>
> */Eddy, did you really say that? ”almost certainly no certificates…?”/*
>
> */ /*
>
> */If you know of a URL that disproves this, perhaps send it to Eric.
> I’d expect most people in the CA business to know it. Even the folks
> at cacert.org know it…/*
>
> */ /*
>
Can you show me a case where certificates where successfully used and
created damage to any relying parties? To all of my knowledge this is
not the case for this or that reason.
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090105/94f7ef0a/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6724 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090105/94f7ef0a/attachment-0002.bin>
More information about the general
mailing list