nanog mailing list archives

Re: Microsoft deems all DigiNotar certificates untrustworthy, releases


From: Chris Adams <cmadams () hiwaay net>
Date: Tue, 13 Sep 2011 10:17:02 -0500

Once upon a time, Brett Frankenberger <rbf+nanog () panix com> said:
> On Tue, Sep 13, 2011 at 09:45:39AM -0500, Chris Adams wrote:
> > Once upon a time, Tei <oscar.vives () gmail com> said:
> > > He, I just want to self-sign my CERTs and remove the ugly warning that
> > > browsers show.
> >
> > SSL without some verification of the far end is useless, as a
> > man-in-the-middle attack can create self-signed certs just as easily.
>
> It protects against attacks where the attacker merely monitors the
> traffic between the two endpoints.

Someone who can monitor can most likely inject false traffic and thus
MITM.

In any case, a system that is supposed to provide end-to-end security
shouldn't be considered secure if it can be easily bypassed.
-- 
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

