[110430] in North American Network Operators' Group
Re: Security team successfully cracks SSL using 200 PS3's and MD5
daemon@ATHENA.MIT.EDU (Joe Abley)
Mon Jan 5 15:50:10 2009
From: Joe Abley <jabley@hopcount.ca>
To: Jason Uhlenkott <jasonuhl@jasonuhl.org>
In-Reply-To: <20090105201859.GC15107@ferrum.uhlenkott.net>
Date: Mon, 5 Jan 2009 15:39:37 -0500
Cc: "nanog@nanog.org" <nanog@nanog.org>, Joe Greco <jgreco@ns.sol.net>
Errors-To: nanog-bounces@nanog.org
On 2009-01-05, at 15:18, Jason Uhlenkott wrote:
> If we had DNSSEC, we could do away with SSL CAs entirely. The owner
> of each domain or host could publish a self-signed cert in a TXT RR,
... or even in a CERT RR, as I heard various clever people talking
about in some virtual hallway the other day. <http://www.isi.edu/in-notes/rfc2538.txt
>.
> and the DNS chain of trust would be the only form of validation
> needed.
Joe
