[110335] in North American Network Operators' Group
Re: Security team successfully cracks SSL using 200 PS3's and MD5
daemon@ATHENA.MIT.EDU (Florian Weimer)
Sat Jan 3 08:58:14 2009
From: Florian Weimer <fw@deneb.enyo.de>
To: Joe Greco <jgreco@ns.sol.net>
Date: Sat, 03 Jan 2009 14:57:59 +0100
In-Reply-To: <200901022329.n02NTuj6063258@aurora.sol.net> (Joe Greco's message of "Fri, 2 Jan 2009 17:29:56 -0600 (CST)")
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

* Joe Greco:
>> A CA statement that they won't issue MD5-signed certificates in the
>> future should be sufficient. There's no need to reissue old
>> certificates, unless the CA thinks other customers have attacked it.
>
> That would seem to be at odds with what the people who documented this
> problem believe.

What do they believe? That the CA should reissue certificates even if
the CA assumes that there haven't been other attacks? Or that the CA
should not reissue, despite evidence of other attacks?