[138938] in North American Network Operators' Group


Re: The state-level attack on the SSL CA security model

daemon@ATHENA.MIT.EDU (Harald Koch)
Thu Mar 24 10:10:52 2011

Date: Thu, 24 Mar 2011 10:09:13 -0400
From: Harald Koch <chk@pobox.com>
CC: NANOG <nanog@nanog.org>
In-Reply-To: <AANLkTik73H1TEMRTFWw1NCLUwOnWacE8xvqzcHYb6vN4@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 3/23/2011 11:05 PM, Martin Millnert wrote:
> To my surprise, I did not see a mention in this community of the
> latest proof of the complete failure of the SSL CA model to actually
> do what it is supposed to: provide security, rather than a false sense
> of security.

This story strikes me as a success - the certs were revoked immediately, 
and it took a surprisingly short amount of time for security fixes to 
appear all over the place.

> In some places, failure of internet security means people die

Those people know that using highly visible services like gmail and 
skype is asking to be exposed...

-- 
Harald


