[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The state-level attack on the SSL CA security model

Subject: The state-level attack on the SSL CA security model
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Thu, 24 Mar 2011 04:13:37 +0000
In-reply-to: <[email protected]>
References: <[email protected]>

On Mar 24, 2011, at 11:05 AM, Martin Millnert wrote:

> Announcing this high and loud even before fixes were available would not have exposed more users to threats, but less.


An argument against doing this prior to fixes being available is that miscreants who didn't know about this previously would be alerted to the possibility of using one of these certs (assuming they could get their hands on one) in conjunction with name resolution manipulation.

Note that announcing this prior to fixes would've dramatically increased the resale value of these certificates in the underground economy, making them much more attractive/lucrative.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde

Follow-Ups:
- The state-level attack on the SSL CA security model
  - From: joakim at aronius.se (Joakim Aronius)

References:
- The state-level attack on the SSL CA security model
  - From: millnert at gmail.com (Martin Millnert)

Prev by Date: The state-level attack on the SSL CA security model
Next by Date: Creating an IPv6 addressing plan for end users
Previous by thread: The state-level attack on the SSL CA security model
Next by thread: The state-level attack on the SSL CA security model
Index(es):
- Date
- Thread