nanog mailing list archives
Re: The state-level attack on the SSL CA security model
From: Owen DeLong <owen () delong com>
Date: Fri, 25 Mar 2011 12:46:38 -0700
On Mar 24, 2011, at 2:44 PM, George Herbert wrote:
On Thu, Mar 24, 2011 at 2:39 PM, Franck Martin <franck () genius com> wrote:----- Original Message -----From: "Roland Dobbins" <rdobbins () arbor net> To: "nanog group" <nanog () nanog org> Sent: Friday, 25 March, 2011 9:33:27 AM Subject: Re: The state-level attack on the SSL CA security model On Mar 24, 2011, at 6:41 PM, Florian Weimer wrote:Disclosure devalues information.I think this case is different, given the perception of the cert as a 'thing' to be bartered.Isn't there any law that obliges company to disclose security breaches that involve consumer data?I don't think SSL certs are consumer data, per se.
No, but, a weak SSL cert in use by your company could disclose consumer data due to its weakness. Owen
Current thread:
- The state-level attack on the SSL CA security model Martin Millnert (Mar 23)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 23)
- Re: The state-level attack on the SSL CA security model Joakim Aronius (Mar 24)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 24)
- Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 24)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 24)
- Re: The state-level attack on the SSL CA security model Franck Martin (Mar 24)
- Re: The state-level attack on the SSL CA security model George Herbert (Mar 24)
- Re: The state-level attack on the SSL CA security model Joakim Aronius (Mar 25)
- Re: The state-level attack on the SSL CA security model Owen DeLong (Mar 25)
- Re: The state-level attack on the SSL CA security model Joakim Aronius (Mar 24)
- Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 25)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 25)
- Re: The state-level attack on the SSL CA security model Crist Clark (Mar 28)
- Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 29)
- Re: The state-level attack on the SSL CA security model Crist Clark (Mar 29)
- Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 23)
- RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
- Re: The state-level attack on the SSL CA security model Valdis . Kletnieks (Mar 25)
- RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
- Re: The state-level attack on the SSL CA security model Dorn Hetzel (Mar 25)
- RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)