nanog mailing list archives
Re: The state-level attack on the SSL CA security model
From: Brian Keefer <chort () smtps net>
Date: Thu, 24 Mar 2011 07:34:20 -0700
On Mar 24, 2011, at 7:09 AM, Harald Koch wrote:
On 3/23/2011 11:05 PM, Martin Millnert wrote:To my surprise, I did not see a mention in this community of the latest proof of the complete failure of the SSL CA model to actually do what it is supposed to: provide security, rather than a false sense of security.This story strikes me as a success - the certs were revoked immediately, and it took a surprisingly short amount of time for security fixes to appear all over the place. <snip> -- Harald
I'd hardly call the fact that it required manual blacklist patches to every browser a "success". SSL is a failure if real revocation requires creating a patch for browsers and relying on users to install it. -- bk
Current thread:
- Re: The state-level attack on the SSL CA security model, (continued)
- Re: The state-level attack on the SSL CA security model Steven Bellovin (Mar 25)
- Re: The state-level attack on the SSL CA security model Joe Sniderman (Mar 25)
- Re: The state-level attack on the SSL CA security model Franck Martin (Mar 25)
- Re: The state-level attack on the SSL CA security model Steven Bellovin (Mar 26)
- Re: The state-level attack on the SSL CA security model Christopher Morrow (Mar 24)
- Re: The state-level attack on the SSL CA security model Leif Nixon (Mar 24)
- Re: The state-level attack on the SSL CA security model Tony Finch (Mar 24)
- Re: The state-level attack on the SSL CA security model Richard Barnes (Mar 24)
- Re: The state-level attack on the SSL CA security model Dan White (Mar 24)
- Re: The state-level attack on the SSL CA security model Brian Keefer (Mar 24)
- Re: The state-level attack on the SSL CA security model Danny O'Brien (Mar 24)