Vulnerability Development mailing list archives

Non-Mathematical Forging of PKI Digital Certificates / Throwing Rocks at the PKI

From: Eric Knight <deceased1 () HOME COM>
Date: Tue, 15 Aug 2000 09:35:42 -0600

Vuln-Dev Readers:

I've released my infamous PKI article "Throwing Rocks at the Public Key
Infrastructure" to the public -- a move that has been delayed for a fairly
long time.  The article details flaws in the security approaches of major
PKI companies and shows the steps needed to create forged digital
certificates.  It also has a nice breakdown of security concerns when
picking a PKI SOA, and ruthlessly hammers various insecure practices that
I've discovered in my comparison of all the firms.

I'm going to forward this over to Bugtraq, but first I'd like the pros in
Vuln-Dev to take their crack at my analysis.  I'd like to know what
people think of the attack methodology, or any other comments about the
article that they feel are important toward making a better paper.

The article is available at:

                 http://www.securityparadigm.com/articles/trpki.pdf

Thank you,

Eric Knight
knight () securityparadigm com
