WebApp Sec mailing list archives
Re: Growing Bad Practice with Login Forms
From: Jason Coombs PivX Solutions <jcoombs () pivx com>
Date: Tue, 27 Jul 2004 16:25:15 -1000
Toro, Daniel wrote:
> Maybe the certificate is hard (near impossible?) to fake

Certificate chain validation flaws exist in Internet Explorer, Mozilla, and other browsers that enable anyone to forge any server certificate.
I would say that certificate-based server authentication is dead, except that it still produces huge annual revenues for the companies that sell this useless snake oil remedy for a problem that doesn't exist.
Nobody has trouble communicating their public key to the people who need to know what it is. Certificate chains presumed that this would be impossible in an overly-complicated anonymous commerce model across geographical and political boundaries in the borderless nirvana of cyberspace. Faulty presumption. End of technology? No, unfortunately not.
The tax man must be paid else the padlock will not appear. Certificates are a means of extracting money from people who want to do something meaningful with the Web. They are not a security countermeasure. Thus proof that they don't work doesn't cause them to go away... It just reveals their true purpose.
Most Secure Regards,
Jason Coombs
Jcoombs () pivx com