Vulnerability Development mailing list archives
Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI
From: Eric Knight <deceased1 () HOME COM>
Date: Tue, 15 Aug 2000 09:35:42 -0600
Vuln-Dev Readers: I've released my infamous PKI article "Throwing Rocks at the Public Key Infrastructure" to the public -- a move that has been delayed for a fairly long time. The article details flaws in the security approaches of major PKI companies and shows the steps needed to create forged digital certificates. It also has a nice breakdown of security concerns when picking a PKI SOA, and ruthlessly hammers various insecure practices that I've discovered in my comparison of all the firms. I'm going to forward this over to Bugtraq, but first I'd like the pros in Vuln-Dev take their crack at my analysis first. I'd like to know what people think of the attack methodology, or any other comments about the article that they feel is important toward making a better paper. The article is available at: http://www.securityparadigm.com/articles/trpki.pdf Thank you, Eric Knight knight () securityparadigm com
Current thread:
- Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Eric Knight (Aug 15)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Pluto (Aug 17)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Eric Knight (Aug 18)
- Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI Dener Martins (Aug 22)
- Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI Timothy J. Miller (Aug 23)
- Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI Dener Martins (Aug 23)
- Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI Alvin Foo (Aug 24)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Eric Knight (Aug 18)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Pluto (Aug 17)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Pluto (Aug 29)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Christoph Puppe (Aug 25)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Timothy J. Miller (Aug 25)