nanog mailing list archives

Re: The state-level attack on the SSL CA security model


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Thu, 24 Mar 2011 04:13:37 +0000


On Mar 24, 2011, at 11:05 AM, Martin Millnert wrote:

> Announcing this high and loud even before fixes were available would not have exposed more users to threats, but less.


An argument against doing this prior to fixes being available is that miscreants who didn't know about this previously 
would be alerted to the possibility of using one of these certs (assuming they could get their hands on one) in 
conjunction with name resolution manipulation.

Note that announcing this prior to fixes would've dramatically increased the resale value of these certificates in the 
underground economy, making them much more attractive/lucrative.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

                The basis of optimism is sheer terror.

                          -- Oscar Wilde


