[110305] in North American Network Operators' Group
Re: Security team successfully cracks SSL using 200 PS3's and MD5
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Fri Jan 2 15:58:20 2009
Date: Fri, 2 Jan 2009 15:58:12 -0500
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Deepak Jain <deepak@ai.net>
In-Reply-To: <D338D1613B32624285BB321A5CF3DB250C8BAEFE60@ginga.ai.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Fri, 2 Jan 2009 15:49:24 -0500
Deepak Jain <deepak@ai.net> wrote:
> > Of course, this will just make the browsers pop up dialog boxes
> > which everyone will click OK on...
> >
>
> And brings us to an even more interesting question, since everything
> is trusting their in-browser root CAs and such. How trustable is the
> auto-update process? If one does provoke a mass-revocation of
> certificates and everyone needs to update their browsers... how do
> the auto-update daemons *know* that what they are getting is the real
> deal?
>
> [I haven't looked into this, just bringing it up. I'm almost certain
> its less secure than the joke that is SSL certification].
>
If done properly, that's actually an easier task: you build the update
key into the browser. When it pulls in an update, it verifies that it
was signed with the proper key.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
