[110299] in North American Network Operators' Group
Re: Security team successfully cracks SSL using 200 PS3's and MD5
daemon@ATHENA.MIT.EDU (Robert Mathews (OSIA))
Fri Jan 2 12:57:15 2009
Date: Fri, 02 Jan 2009 12:56:19 -0500
From: "Robert Mathews (OSIA)" <mathews@hawaii.edu>
In-reply-to: <200901021733.n02HXnAN047547@aurora.sol.net>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Joe Greco wrote:
> [ .... ]
>
> Either we take the potential for transparent MitM attacks seriously, or
> we do not. I'm sure the NSA would prefer "not." :-)
>
> As for the points raised in your message, yes, there are additional
> problems with clients that have not taken this seriously. It is, however,
> one thing to have locks on your door that you do not lock, and another
> thing entirely not to have locks (and therefore completely lack the
> ability to lock). I hope that there is some serious thought going on in
> the browser groups about this sort of issue.
>
> [ ... ]
>
> ... JG
F Y I, see:
SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad'
certificates @
http://www.codefromthe70s.org/sslblacklist.aspx
Best.
