[144537] in North American Network Operators' Group

Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

daemon@ATHENA.MIT.EDU (Chris Adams)
Tue Sep 13 11:19:16 2011

Date: Tue, 13 Sep 2011 10:17:02 -0500
From: Chris Adams <cmadams@hiwaay.net>
To: Brett Frankenberger <rbf+nanog@panix.com>
Mail-Followup-To: Chris Adams <cmadams@hiwaay.net>,
 Brett Frankenberger <rbf+nanog@panix.com>, nanog@nanog.org
In-Reply-To: <20110913145855.GA23605@panix.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Once upon a time, Brett Frankenberger <rbf+nanog@panix.com> said:
> On Tue, Sep 13, 2011 at 09:45:39AM -0500, Chris Adams wrote:
> > Once upon a time, Tei <oscar.vives@gmail.com> said:
> > > He, I just want to self-sign my CERTs and remove the ugly warning that
> > > browsers show.
> > 
> > SSL without some verification of the far end is useless, as a
> > man-in-the-middle attack can create self-signed certs just as easily.
> 
> It protects against attacks where the attacker merely monitors the
> traffic between the two endpoints.

Someone who can monitor can most likely inject false traffic and thus
MITM.

In any case, a system that is supposed to provide end-to-end security
shouldn't be considered secure if it can be easily bypassed.
-- 
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

