nanog mailing list archives

Re: The state-level attack on the SSL CA security model

From: Leif Nixon <nixon () nsc liu se>
Date: Thu, 24 Mar 2011 15:46:14 +0100

Harald Koch <chk () pobox com> writes:

On 3/23/2011 11:05 PM, Martin Millnert wrote:

To my surprise, I did not see a mention in this community of the
latest proof of the complete failure of the SSL CA model to actually
do what it is supposed to: provide security, rather than a false sense
of security.


This story strikes me as a success - the certs were revoked
immediately, and it took a surprisingly short amount of time for
security fixes to appear all over the place.


But revocation doesn't work, and people don't install updates, so this
is only a *theoretical* success.

-- 
Leif Nixon - Security officer
National Supercomputer Centre - Swedish National Infrastructure for Computing
Nordic Data Grid Facility - European Grid Infrastructure

Current thread:

RE: The state-level attack on the SSL CA security model, (continued)
- - - RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
    - Re: The state-level attack on the SSL CA security model Valdis . Kletnieks (Mar 25)
    - Re: The state-level attack on the SSL CA security model Ariel Biener (Mar 26)
    - Re: The state-level attack on the SSL CA security model Martin Millnert (Mar 25)
    - Re: The state-level attack on the SSL CA security model Steven Bellovin (Mar 25)
    - Re: The state-level attack on the SSL CA security model Joe Sniderman (Mar 25)
    - Re: The state-level attack on the SSL CA security model Franck Martin (Mar 25)
    - Re: The state-level attack on the SSL CA security model Steven Bellovin (Mar 26)
    - Re: The state-level attack on the SSL CA security model Christopher Morrow (Mar 24)
- Re: The state-level attack on the SSL CA security model Harald Koch (Mar 24)
  - Re: The state-level attack on the SSL CA security model Leif Nixon (Mar 24)
  - Re: The state-level attack on the SSL CA security model Tony Finch (Mar 24)
    - Re: The state-level attack on the SSL CA security model Richard Barnes (Mar 24)
  - Re: The state-level attack on the SSL CA security model Dan White (Mar 24)
  - Re: The state-level attack on the SSL CA security model Brian Keefer (Mar 24)
  - Re: The state-level attack on the SSL CA security model Danny O'Brien (Mar 24)
- Re: The state-level attack on the SSL CA security model =JeffH (Mar 25)