[138942] in North American Network Operators' Group

Re: The state-level attack on the SSL CA security model

daemon@ATHENA.MIT.EDU (Leif Nixon)
Thu Mar 24 10:46:23 2011

From: Leif Nixon <nixon@nsc.liu.se>
To: NANOG <nanog@nanog.org>
Date: Thu, 24 Mar 2011 15:46:14 +0100
In-Reply-To: <4D8B5089.4010507@pobox.com> (Harald Koch's message of "Thu, 24
	Mar 2011 10:09:13 -0400")
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Harald Koch <chk@pobox.com> writes:

> On 3/23/2011 11:05 PM, Martin Millnert wrote:
>> To my surprise, I did not see a mention in this community of the
>> latest proof of the complete failure of the SSL CA model to actually
>> do what it is supposed to: provide security, rather than a false sense
>> of security.
>
> This story strikes me as a success - the certs were revoked
> immediately, and it took a surprisingly short amount of time for
> security fixes to appear all over the place.

But revocation doesn't work, and people don't install updates, so this
is only a *theoretical* success.

-- 
Leif Nixon - Security officer
National Supercomputer Centre - Swedish National Infrastructure for Computing
Nordic Data Grid Facility - European Grid Infrastructure
