nanog mailing list archives

Re: The state-level attack on the SSL CA security model

From: Steven Bellovin <smb () cs columbia edu>
Date: Fri, 25 Mar 2011 23:12:29 -0400


On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote:

One could argue that you could try something like the facebook model (or facebook itself). I can see it coming.
Facebook web of trust app ;-)

Except, of course, for the fact that people tend to have hundreds of "friends", many of whom they don't know at all, 
and who achieved that status simply by asking.  You need a much stronger notion of interaction, to say nothing of what 
the malware in your "friends'" computers are doing to simulate such interaction.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Current thread:

Re: The state-level attack on the SSL CA security model, (continued)
- - - Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 29)
    - Re: The state-level attack on the SSL CA security model Crist Clark (Mar 29)
    - RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
    - Re: The state-level attack on the SSL CA security model Valdis . Kletnieks (Mar 25)
    - RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
    - Re: The state-level attack on the SSL CA security model Dorn Hetzel (Mar 25)
    - RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
    - Re: The state-level attack on the SSL CA security model Valdis . Kletnieks (Mar 25)
    - Re: The state-level attack on the SSL CA security model Ariel Biener (Mar 26)
    - Re: The state-level attack on the SSL CA security model Martin Millnert (Mar 25)
    - Re: The state-level attack on the SSL CA security model Steven Bellovin (Mar 25)
    - Re: The state-level attack on the SSL CA security model Joe Sniderman (Mar 25)
    - Re: The state-level attack on the SSL CA security model Franck Martin (Mar 25)
    - Re: The state-level attack on the SSL CA security model Steven Bellovin (Mar 26)
    - Re: The state-level attack on the SSL CA security model Christopher Morrow (Mar 24)
- Re: The state-level attack on the SSL CA security model Harald Koch (Mar 24)
  - Re: The state-level attack on the SSL CA security model Leif Nixon (Mar 24)
  - Re: The state-level attack on the SSL CA security model Tony Finch (Mar 24)
    - Re: The state-level attack on the SSL CA security model Richard Barnes (Mar 24)
  - Re: The state-level attack on the SSL CA security model Dan White (Mar 24)
  - Re: The state-level attack on the SSL CA security model Brian Keefer (Mar 24)

(Thread continues...)