Interesting People mailing list archives
Re: Surveillance via bogus SSL certificates
From: Dave Farber <dave () farber net>
Date: Thu, 25 Mar 2010 12:10:53 -0400
Begin forwarded message:
From: "Ed Gerck, Ph.D." <egerck () nma com>
Date: March 25, 2010 11:24:33 AM EDT
To: David Farber <dave () farber net>, Ip Ip <ip () v2 listbox com>
Subject: Re: [IP] Re: Surveillance via bogus SSL certificates
Matt and IP'ers,

Please accept these comments in academic interest. I do not know the authors and have no intent to discourage them -- to the contrary. You have my authorization to forward my comments to them if you so wish.

I reverified the paragraph. The paper says: "a new attack, the compelled certificate creation attack" and then says: "As far as we are aware, we are the first to formally introduce and analyze this attack in the academic literature."

Well, the "compelled certificate creation attack" is not new and that was my comment. And not even the old but good solution (used since Netscape times) of self-signing CA-issued certs is mentioned in the paper, whereas the paper presents a solution that it admits does not work.

Best regards,
Ed Gerck