On Thu, Nov 23, 2000 at 07:16:49PM -0800, Vadim Antonov wrote:
useful certificate validation support. How many users actually check that site certificate indeed belongs to whoever is identified as the site owner on the Web pages?
Not relevant; presumably one would have accessed one's web mail at some point in the past, before Carnivore was installed at one's ISP. If so, the certificate will have been obtained long ago.
commercial entity. Of course, i have no proof that this happened, but I have no reason to trust that it didn't happen, too.)
It is a tremendous stretch to go from "we don't know" to "has no problem decrypting". That's what I'm objecting to; the original statement was not provable, and all I did was ask for the source. So far I haven't gotten a source, I've gotten assertions that SSL is weak (of course it is) with this somehow implying that Carnivore can magically decrypt things immediately.