[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The state-level attack on the SSL CA security model

Subject: The state-level attack on the SSL CA security model
From: owen at delong.com (Owen DeLong)
Date: Fri, 25 Mar 2011 12:46:38 -0700
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

On Mar 24, 2011, at 2:44 PM, George Herbert wrote:

> On Thu, Mar 24, 2011 at 2:39 PM, Franck Martin <franck at genius.com> wrote:
>> 
>> 
>> ----- Original Message -----
>>> From: "Roland Dobbins" <rdobbins at arbor.net>
>>> To: "nanog group" <nanog at nanog.org>
>>> Sent: Friday, 25 March, 2011 9:33:27 AM
>>> Subject: Re: The state-level attack on the SSL CA security model
>>> On Mar 24, 2011, at 6:41 PM, Florian Weimer wrote:
>>> 
>>>>  Disclosure devalues information.
>>> 
>>> 
>>> I think this case is different, given the perception of the cert as a
>>> 'thing' to be bartered.
>>> 
>> 
>> Isn't there any law that obliges company to disclose security breaches that involve consumer data?
> 
> I don't think SSL certs are consumer data, per se.
> 
No, but, a weak SSL cert in use by your company could disclose
consumer data due to its weakness.


Owen

References:
- The state-level attack on the SSL CA security model
  - From: rdobbins at arbor.net (Dobbins, Roland)
- The state-level attack on the SSL CA security model
  - From: franck at genius.com (Franck Martin)
- The state-level attack on the SSL CA security model
  - From: george.herbert at gmail.com (George Herbert)

Prev by Date: Regional AS model
Next by Date: The growth of municipal broadband networks
Previous by thread: The state-level attack on the SSL CA security model
Next by thread: The state-level attack on the SSL CA security model
Index(es):
- Date
- Thread