nanog mailing list archives
Re: The state-level attack on the SSL CA security model
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Thu, 24 Mar 2011 10:28:26 +0000
On Mar 24, 2011, at 6:19 PM, Joakim Aronius wrote:
Surely the value of stolen certs are higher if the public do not know that they exist.
A wider swathe of interested parties would know of their existence, and their existence would be officially confirmed, which would make them more valuable. Unfortunately, the general public neither know, understand, or care about such things. They happily click 'I Understand the Risks' or whatever the button says in their browsers of choice to accept self-signed certificates all the time. I don't know enough details of what actually transpired to have an actual opinion on the Comodo situation one way or another; but I can see both sides of the argument. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> The basis of optimism is sheer terror. -- Oscar Wilde
Current thread:
- The state-level attack on the SSL CA security model Martin Millnert (Mar 23)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 23)
- Re: The state-level attack on the SSL CA security model Joakim Aronius (Mar 24)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 24)
- Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 24)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 24)
- Re: The state-level attack on the SSL CA security model Franck Martin (Mar 24)
- Re: The state-level attack on the SSL CA security model George Herbert (Mar 24)
- Re: The state-level attack on the SSL CA security model Joakim Aronius (Mar 25)
- Re: The state-level attack on the SSL CA security model Owen DeLong (Mar 25)
- Re: The state-level attack on the SSL CA security model Joakim Aronius (Mar 24)
- Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 25)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 25)
- Re: The state-level attack on the SSL CA security model Crist Clark (Mar 28)
- Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 29)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 23)