Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re[2]: Five Ways to Screw Up SSL

From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Mon, 22 May 2006 09:06:40 -0400
On 5/21/06, Thierry Zoller <Thierry () zoller lu> wrote:

Dear Dude VanWinkle,

DV> Why would it matter who signed it? As long as the data is encrypted as
DV> it travels over the internet, I am happy.
Why would it matter who signed it? I am happy to handle the ssl
handshake mitm for you. All your encrypted data is belong to me.


I was referring to the CA that signs it. It was implied that
freessl.com, who gives out trial certificates, is an unreliable CA. I
do not understand why their certs would be any less valid than
anothers.

As long as the website listed on the cert is the website you are
visiting, why should it matter who issued the cert?

-JP



--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: