[138949] in North American Network Operators' Group
Re: The state-level attack on the SSL CA security model
daemon@ATHENA.MIT.EDU (Richard Barnes)
Thu Mar 24 11:04:32 2011
In-Reply-To: <alpine.LSU.2.00.1103241452460.5244@hermes-1.csi.cam.ac.uk>
Date: Thu, 24 Mar 2011 10:59:45 -0400
From: Richard Barnes <richard.barnes@gmail.com>
To: Tony Finch <dot@dotat.at>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Which is especially funny since Comodo is citing the fact that they've
had no OCSP requests for the bad certs as evidence that they haven't
been used.
--Richard
On Thu, Mar 24, 2011 at 10:53 AM, Tony Finch <dot@dotat.at> wrote:
> Harald Koch <chk@pobox.com> wrote:
>>
>> This story strikes me as a success - the certs were revoked immediately,=
and
>> it took a surprisingly short amount of time for security fixes to appear=
all
>> over the place.
>
> It would have been much easier if certificate revocation actually worked
> properly.
>
> http://www.imperialviolet.org/2011/03/18/revocation.html
>
> Tony.
> --
> f.anthony.n.finch =A0<dot@dotat.at> =A0http://dotat.at/
> Viking, North Utsire, South Utsire: Westerly veering northerly, 4 or 5,
> occasionally 6 at first. Moderate or rough. Occasional rain. Moderate or =
good,
> occasionally poor at first.
>
>
